Prośa o sprawdzenie loga- "bluescreen" windowsa 8

[odyniec]

Witam szanownego Nie Wiem (btw niezły nick)
Kolega poprosił mnie o sprawdzenie komputera pod kontem złośliwego oprogramowania. Problemem jest tutaj pojawiający się co jakiś czas bluescreen, w niektórych przypadkach źle wykrywa również pamięć. Jest także co jakiś czas problem z szybkością łącza- przy łączy 150 mb/s potrafi zamulić filmik na rozdzielczości 480.
Tutaj wymagane logi: (w trakcie skanowania GMEREM pojawił się komunikat o tym, że plik C:\Windows\system32\config\system oraz C:\users\pa nie mogą być sprawdzone, bo są zajęte przez inny program- wirtualne napędy usunięte, Avast wyłączony)

Spoiler:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-28 18:59:33
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d TOSHIBA_MQ01ABF050 rev.AM002C 465,76GB
Running: 0uyx4jxj.exe; Driver: C:\Users\PACIA~1\AppData\Local\Temp\kwldapow.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\System32\smss.exe[336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\wininit.exe[632] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\csrss.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\services.exe[728] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\lsass.exe[744] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\dwm.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\dwm.exe[964] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\System32\svchost.exe[980] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\System32\svchost.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\System32\svchost.exe[364] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\svchost.exe[392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\svchost.exe[392] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\svchost.exe[572] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1084] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1112] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\dashost.exe[1744] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text c:\Program Files\Intel\iCLS Client\HeciServer.exe[1956] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\svchost.exe[892] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\svchost.exe[2096] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\conhost.exe[2260] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1968] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\taskhostex.exe[2452] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\System32\skydrive.exe[3840] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\igfxsrvc.exe[2600] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffba150169a 4 bytes [50, A1, FB, 7F]
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffba15016a2 4 bytes [50, A1, FB, 7F]
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffba150181a 4 bytes [50, A1, FB, 7F]
.text C:\Windows\System32\igfxpers.exe[3440] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffba1501832 4 bytes [50, A1, FB, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffba150169a 4 bytes [50, A1, FB, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffba15016a2 4 bytes [50, A1, FB, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffba150181a 4 bytes [50, A1, FB, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffba1501832 4 bytes [50, A1, FB, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\system32\WSOCK32.dll!setsockopt + 194 00007ffb99da1f6a 4 bytes [DA, 99, FB, 7F]
.text C:\Windows\WindowsMobile\wmdc.exe[3756] C:\Windows\system32\WSOCK32.dll!setsockopt + 218 00007ffb99da1f82 4 bytes [DA, 99, FB, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3740] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3740] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffba150169a 4 bytes [50, A1, FB, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3740] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffba15016a2 4 bytes [50, A1, FB, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3740] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffba150181a 4 bytes [50, A1, FB, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3740] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffba1501832 4 bytes [50, A1, FB, 7F]
.text C:\Windows\system32\svchost.exe[972] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffb99da1f6a 4 bytes [DA, 99, FB, 7F]
.text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffb99da1f82 4 bytes [DA, 99, FB, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffba150169a 4 bytes [50, A1, FB, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffba15016a2 4 bytes [50, A1, FB, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffba150181a 4 bytes [50, A1, FB, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4336] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffba1501832 4 bytes [50, A1, FB, 7F]
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\System32\SettingSyncHost.exe[4392] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\System32\spoolsv.exe[3488] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffba1bfac30 5 bytes JMP 00007ffc21d20460
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00007ffba1bfac80 5 bytes JMP 00007ffc21d20450
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffba1bfade0 1 byte JMP 00007ffc21d20370
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 2 00007ffba1bfade2 3 bytes {JMP 0xffffffff80125590}
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffba1bfae30 5 bytes JMP 00007ffc21d20470
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffba1bfae40 5 bytes JMP 00007ffc21d203e0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00007ffba1bfaef0 5 bytes JMP 00007ffc21d20320
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffba1bfaf20 1 byte JMP 00007ffc21d203b0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffba1bfaf22 3 bytes {JMP 0xffffffff80125490}
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffba1bfaf40 5 bytes JMP 00007ffc21d20390
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffba1bfaf80 5 bytes JMP 00007ffc21d202e0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffba1bfb000 5 bytes JMP 00007ffc21d202d0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00007ffba1bfb020 5 bytes JMP 00007ffc21d20310
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00007ffba1bfb060 5 bytes JMP 00007ffc21d203c0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffba1bfb0b0 5 bytes JMP 00007ffc21d203f0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffba1bfb210 5 bytes JMP 00007ffc21d20230
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffba1bfb400 5 bytes JMP 00007ffc21d20480
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffba1bfb430 5 bytes JMP 00007ffc21d203a0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffba1bfb550 5 bytes JMP 00007ffc21d202f0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffba1bfb570 5 bytes JMP 00007ffc21d20350
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffba1bfb5e0 5 bytes JMP 00007ffc21d20290
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffba1bfb670 5 bytes JMP 00007ffc21d202b0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffba1bfb690 5 bytes JMP 00007ffc21d203d0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffba1bfb6a0 1 byte JMP 00007ffc21d20330
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00007ffba1bfb6a2 3 bytes {JMP 0xffffffff80124c90}
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffba1bfb750 5 bytes JMP 00007ffc21d20410
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffba1bfb780 5 bytes JMP 00007ffc21d20240
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffba1bfbaa0 5 bytes JMP 00007ffc21d201e0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffba1bfbb60 5 bytes JMP 00007ffc21d20250
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffba1bfbb90 5 bytes JMP 00007ffc21d20490
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffba1bfbba0 5 bytes JMP 00007ffc21d204a0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffba1bfbbd0 5 bytes JMP 00007ffc21d20300
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffba1bfbbe0 5 bytes JMP 00007ffc21d20360
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffba1bfbc40 5 bytes JMP 00007ffc21d202a0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffba1bfbc90 5 bytes JMP 00007ffc21d202c0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffba1bfbcc0 5 bytes JMP 00007ffc21d20380
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffba1bfbcd0 5 bytes JMP 00007ffc21d20340
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffba1bfbfe0 5 bytes JMP 00007ffc21d20440
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffba1bfc1e0 5 bytes JMP 00007ffc21d20260
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffba1bfc1f0 5 bytes JMP 00007ffc21d20270
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffba1bfc210 5 bytes JMP 00007ffc21d20400
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffba1bfc3f0 5 bytes JMP 00007ffc21d201f0
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffba1bfc400 5 bytes JMP 00007ffc21d20210
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffba1bfc490 5 bytes JMP 00007ffc21d20200
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffba1bfc500 5 bytes JMP 00007ffc21d20420
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffba1bfc510 5 bytes JMP 00007ffc21d20430
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffba1bfc520 5 bytes JMP 00007ffc21d20220
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00007ffba1bfc630 5 bytes JMP 00007ffc21d20280
.text C:\Windows\system32\AUDIODG.EXE[2596] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffba0df553d 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [640:664] fffff9600084fb90
Thread C:\Windows\system32\svchost.exe [1524:2344] 00007ffb95941584
Thread C:\Windows\system32\svchost.exe [1524:2432] 00007ffb958d1b30
Thread C:\Windows\system32\svchost.exe [1524:2668] 00007ffb95674608

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

OTL:

Spoiler:

OTL logfile created on: 2014-05-28 19:09:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pańcia\Downloads
64bit- Enterprise Edition (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7,89 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 75,63% Memory free
15,89 Gb Paging File | 14,06 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,24 Gb Total Space | 357,16 Gb Free Space | 76,77% Space Free | Partition Type: NTFS

Computer Name: DAMESSA | User Name: Pańcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-05-28 19:08:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pańcia\Downloads\OTL.exe
PRC - [2014-05-14 01:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-04-11 04:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginService\PluginService.exe
PRC - [2014-04-01 16:11:12 | 000,049,464 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014-02-14 00:50:05 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2014-02-14 00:50:05 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2014-01-14 19:19:26 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014-01-14 19:19:26 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-09-27 11:45:20 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013-09-27 11:45:20 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013-09-16 13:19:22 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012-04-24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe


========== Modules (No Company Name) ==========

MOD - [2014-05-14 01:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
MOD - [2014-05-14 01:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014-05-14 01:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014-05-14 01:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014-05-14 01:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014-04-16 19:17:05 | 007,802,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\77bc1a994f64193efc124c297b93fdb7\System.Xml.ni.dll
MOD - [2014-04-16 19:17:00 | 001,874,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\10483ca149b5c651d217edbf2f3169b4\System.Xaml.ni.dll
MOD - [2014-04-16 19:16:58 | 012,856,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\635558b506364815e8348217e86fdf99\System.Windows.Forms.ni.dll
MOD - [2014-04-16 19:16:49 | 019,566,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4c3126aec3364546e4ade89c24c4e742\System.ServiceModel.ni.dll
MOD - [2014-04-16 19:16:35 | 002,804,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\183eaaded316165bfbd32a991e4e8c8a\System.Runtime.Serialization.ni.dll
MOD - [2014-04-16 19:16:30 | 001,635,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ddb52221ad0200b7c2e0a308e47d5c7c\System.Drawing.ni.dll
MOD - [2014-04-16 19:16:22 | 000,968,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c5bf2f5c3e13726b3984a900221e1778\System.Configuration.ni.dll
MOD - [2014-04-16 19:15:55 | 006,951,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c1194e56644c7688e7eb0f68a57dcc30\System.Core.ni.dll
MOD - [2014-04-16 19:15:51 | 010,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c24d08cc4e93fc4f6f15a637b00a2721\System.ni.dll
MOD - [2014-01-27 13:52:41 | 017,395,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2014-01-14 19:19:28 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014-04-16 14:25:03 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-03-24 04:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014-03-24 04:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014-03-08 07:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-03-06 09:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-03-06 08:34:46 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-02-22 17:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-02-22 11:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-02-22 11:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-02-22 11:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-02-22 11:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-02-22 11:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-01-27 17:38:59 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014-01-14 19:19:26 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013-12-10 09:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013-11-23 06:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-09-30 06:14:49 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013-09-30 05:59:44 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2013-09-30 05:59:43 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2013-09-27 11:45:20 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013-08-27 15:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013-08-27 15:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2013-08-22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013-08-22 13:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 13:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 13:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 13:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 13:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 12:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 12:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 11:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 11:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 11:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 11:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 11:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 11:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 11:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 11:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2000-01-01 02:00:00 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2000-01-01 02:00:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014-04-11 04:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService)
SRV - [2014-04-01 16:11:12 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014-02-14 00:50:05 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2013-09-30 06:14:48 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013-09-16 13:19:22 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013-09-16 04:14:58 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-08-22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-22 05:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-22 04:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-04-24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2007-05-31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014-03-24 04:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014-03-24 04:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014-03-24 04:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-03-20 05:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-03-13 14:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-03-08 22:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-03-08 22:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-02-22 18:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-02-22 17:50:31 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-02-22 17:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-02-22 17:49:49 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-02-22 17:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-02-22 17:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-02-22 17:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-02-22 17:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-02-22 14:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-01-14 19:19:53 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014-01-14 19:19:30 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014-01-14 19:19:30 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014-01-14 19:19:30 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-01-14 19:19:30 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-01-14 19:19:30 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-01-14 19:19:30 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-12-04 20:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013-11-13 00:05:22 | 003,880,448 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2013-11-11 04:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013-11-07 08:23:02 | 000,591,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013-11-01 13:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-10-26 03:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013-10-05 17:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013-09-30 06:14:48 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013-09-30 05:59:47 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013-09-30 05:59:44 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-09-30 05:59:32 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013-09-30 05:59:32 | 000,111,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2013-09-30 05:59:32 | 000,056,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2013-09-30 05:59:32 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013-09-30 05:59:31 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013-09-30 05:59:31 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2013-09-30 05:59:31 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013-09-27 11:45:00 | 000,630,632 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013-09-16 13:19:22 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013-09-11 11:36:28 | 000,531,184 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013-09-11 11:36:28 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013-09-09 11:41:06 | 000,449,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013-09-09 11:35:40 | 004,170,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-08-23 00:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013-08-23 00:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013-08-22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 14:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013-08-22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 14:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 13:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 13:38:23 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2013-08-22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 13:38:17 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013-08-22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 13:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 13:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 13:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 13:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatformMp)
DRV:64bit: - [2013-08-22 13:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013-08-22 13:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 13:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-15 15:28:42 | 000,830,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013-08-13 01:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-07-30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-22 17:45:58 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2013-02-01 16:12:10 | 000,273,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012-12-13 17:41:10 | 000,028,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3709421861-2782721611-2587054353-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-3709421861-2782721611-2587054353-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3709421861-2782721611-2587054353-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 49 BB 3E E2 50 CF 01 [binary data]
IE - HKU\S-1-5-21-3709421861-2782721611-2587054353-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3709421861-2782721611-2587054353-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3709421861-2782721611-2587054353-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pańcia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Dokumenty Google = C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Dysk Google = C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Szukaj w Google = C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0\
CHR - Extension: AdBlock = C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.34_0\
CHR - Extension: avast! Online Security = C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Google Wallet = C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-08-22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [fst_pl_102] File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-21-3709421861-2782721611-2587054353-1001..\Run: [Facebook Update] C:\Users\Pańcia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Pańcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NHL® 09 Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.60 62.179.1.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9169F96-88A7-4A84-84E8-B6A9C3096120}: DhcpNameServer = 62.179.1.60 62.179.1.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6E1D286-FE8E-4F55-997B-017657392FB8}: DhcpNameServer = 62.179.1.60 62.179.1.61
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e8390def-ddd9-11e3-827a-a4db3036cadc}\Shell - "" = AutoRun
O33 - MountPoints2\{e8390def-ddd9-11e3-827a-a4db3036cadc}\Shell\AutoRun\command - "" = "F:\LGAutoRun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-05-17 17:58:06 | 003,880,448 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athwbx.sys
[2014-05-17 17:58:06 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2014-05-17 17:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros
[2014-05-17 17:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros
[2014-05-17 17:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2014-05-15 10:10:53 | 000,000,000 | -HSD | C] -- C:\Users\Pańcia\AppData\Local\EmieUserList
[2014-05-15 10:10:53 | 000,000,000 | -HSD | C] -- C:\Users\Pańcia\AppData\Local\EmieSiteList
[2014-05-14 13:34:46 | 000,000,000 | ---D | C] -- C:\Users\Pańcia\Desktop\genetyka - egzamin
[2014-05-14 07:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014-05-14 07:29:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2014-05-14 07:29:40 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2014-05-14 07:29:36 | 000,257,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2014-05-14 07:29:34 | 000,123,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdNisDrv.sys
[2014-05-14 07:29:33 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2014-05-14 07:29:06 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2014-05-14 07:29:05 | 013,288,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2014-05-14 07:29:05 | 011,792,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2014-05-14 07:29:04 | 001,705,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014-05-14 07:29:04 | 001,054,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.appcore.dll
[2014-05-14 07:29:04 | 000,921,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2014-05-14 07:29:04 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.appcore.dll
[2014-05-14 07:29:04 | 000,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014-05-14 07:29:04 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2014-05-14 07:29:04 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014-05-14 07:29:04 | 000,555,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinapi.appcore.dll
[2014-05-14 07:29:04 | 000,419,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.appcore.dll
[2014-05-14 07:29:04 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2014-05-14 07:29:04 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-05-14 07:29:04 | 000,201,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2014-05-14 07:29:04 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-05-14 07:29:04 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014-05-14 07:29:04 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014-05-14 07:29:04 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014-05-14 07:29:04 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014-05-14 07:29:04 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSReset.exe
[2014-05-14 07:29:04 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014-05-14 07:29:04 | 000,054,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014-05-14 07:29:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014-05-14 07:29:04 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014-05-14 07:29:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014-05-14 07:28:39 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014-05-14 07:28:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014-05-14 07:28:00 | 000,086,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mrt_map.dll
[2014-05-14 07:28:00 | 000,080,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mrt_map.dll
[2014-05-14 07:28:00 | 000,028,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mrt100.dll
[2014-05-14 07:28:00 | 000,026,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mrt100.dll
[2014-05-07 21:34:18 | 000,000,000 | ---D | C] -- C:\Users\Pańcia\Desktop\juwe2014
[2014-05-07 13:43:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2014-05-03 16:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DFX
[2014-05-03 16:28:15 | 000,000,000 | ---D | C] -- C:\Users\Pańcia\AppData\Local\DFX
[2014-05-03 16:27:10 | 000,000,000 | ---D | C] -- C:\Users\Pańcia\AppData\Roaming\vlc
[2014-05-02 22:43:57 | 000,000,000 | ---D | C] -- C:\Users\Pańcia\Documents\NFSTR
[2014-05-02 22:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2014-05-02 22:17:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2014-05-02 21:58:48 | 000,000,000 | ---D | C] -- C:\Need for Speed The Run
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014-05-28 18:48:19 | 001,828,496 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-05-28 18:48:19 | 000,808,198 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-05-28 18:48:19 | 000,723,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-05-28 18:48:19 | 000,164,014 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-05-28 18:48:19 | 000,136,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-05-28 18:45:23 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-05-28 18:44:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-05-28 18:44:40 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2014-05-28 18:44:36 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-05-28 18:42:44 | 540,582,361 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014-05-28 18:42:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-05-28 18:42:44 | 2484,092,927 | -HS- | M] () -- C:\hiberfil.sys
[2014-05-28 18:32:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-05-28 11:02:01 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3709421861-2782721611-2587054353-1001UA.job
[2014-05-28 11:02:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3709421861-2782721611-2587054353-1001Core.job
[2014-05-21 00:34:02 | 000,127,268 | ---- | M] () -- C:\Users\Pańcia\Desktop\WIN_20140521_003402.JPG
[2014-05-21 00:31:58 | 000,129,457 | ---- | M] () -- C:\Users\Pańcia\Desktop\WIN_20140521_003158.JPG
[2014-05-06 05:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014-05-06 04:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014-05-01 22:30:26 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-05-01 22:30:26 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-04-29 22:08:11 | 000,000,000 | ---- | M] () -- C:\Users\Pańcia\Desktop\pobrane.htm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014-05-21 00:34:02 | 000,127,268 | ---- | C] () -- C:\Users\Pańcia\Desktop\WIN_20140521_003402.JPG
[2014-05-21 00:31:58 | 000,129,457 | ---- | C] () -- C:\Users\Pańcia\Desktop\WIN_20140521_003158.JPG
[2014-04-29 22:08:10 | 000,000,000 | ---- | C] () -- C:\Users\Pańcia\Desktop\pobrane.htm
[2014-04-16 14:34:57 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014-03-18 16:16:47 | 000,004,535 | ---- | C] () -- C:\Users\Pańcia\AppData\Roaming\CamStudio.cfg
[2014-03-18 16:16:47 | 000,000,408 | ---- | C] () -- C:\Users\Pańcia\AppData\Roaming\CamShapes.ini
[2014-03-18 16:16:47 | 000,000,408 | ---- | C] () -- C:\Users\Pańcia\AppData\Roaming\CamLayout.ini
[2014-03-18 16:16:47 | 000,000,046 | ---- | C] () -- C:\Users\Pańcia\AppData\Roaming\Camdata.ini
[2014-03-18 16:14:15 | 000,000,096 | ---- | C] () -- C:\Users\Pańcia\AppData\Roaming\version2.xml
[2014-03-18 14:41:46 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014-02-14 00:50:48 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2014-02-14 00:50:48 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2014-02-12 00:57:08 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014-01-14 20:05:08 | 001,762,308 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-09-09 11:35:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013-09-09 11:35:08 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013-09-09 11:35:06 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013-08-22 17:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013-08-22 17:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013-08-22 16:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013-08-22 09:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013-08-22 05:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013-08-22 01:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013-08-22 01:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013-05-11 18:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2014-01-14 21:45:50 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-27 11:12:37 | 021,225,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-27 09:48:28 | 018,679,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014-01-19 19:47:38 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\Audacity
[2014-01-14 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\AVAST Software
[2014-03-13 13:10:55 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\DAEMON Tools Lite
[2014-03-27 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\Leadertech
[2014-01-15 00:48:44 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\Milestone
[2014-02-12 01:02:20 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\MPC-HC
[2014-02-21 22:15:00 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\newnext.me
[2014-04-14 05:19:44 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\SupTab
[2014-01-14 19:23:12 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\Synaptics
[2014-05-21 13:02:00 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\uTorrent
[2014-01-19 19:20:28 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\WAV To MP3
[2014-04-14 05:20:26 | 000,000,000 | ---D | M] -- C:\Users\Pańcia\AppData\Roaming\webssearches

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 65 bytes -> C:\Users\Pańcia\Desktop\WIN_20140521_003402.JPG:ms-properties
@Alternate Data Stream - 65 bytes -> C:\Users\Pańcia\Desktop\WIN_20140521_003158.JPG:ms-properties
@Alternate Data Stream - 237 bytes -> C:\Users\Pańcia\SkyDrive:ms-properties

< End of report >

Extras:

Spoiler:

OTL Extras logfile created on: 2014-05-28 19:09:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pańcia\Downloads
64bit- Enterprise Edition (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7,89 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 75,63% Memory free
15,89 Gb Paging File | 14,06 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,24 Gb Total Space | 357,16 Gb Free Space | 76,77% Space Free | Partition Type: NTFS

Computer Name: DAMESSA | User Name: Pańcia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3709421861-2782721611-2587054353-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{268E4380-93FF-40A5-8647-3519FD56BF9F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2843EBE0-6CE9-445A-BF7F-AAAE44E9FBF5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{68F844E2-5DDC-40E2-A36C-D9CDA4734494}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{7C7D0D97-12E1-4136-8D25-0C21C0A4FEEB}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{85ECCC8C-ECB7-4DCC-A37F-A8D70A6DD41C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B8513317-AC4F-455B-9F2E-1A649AB2C773}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FB0030E8-3472-435C-AFF6-8B69CCD522A8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E5393CC-85EF-4853-8D60-AD2B217A4682}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k14\nba2k14.exe |
"{0E5505F5-D13B-4141-AEA6-13583AA36F6D}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{12F0A0AD-FD72-4E18-9DE4-43357F1BA41A}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{17675552-FC13-4F5F-8E91-FBFE545019CC}" = protocol=6 | dir=in | app=c:\program files (x86)\pes 2013\pes2013.exe |
"{1AE37BAA-4914-4DDF-AC18-975314B7E1F2}" = protocol=6 | dir=in | app=c:\program files (x86)\pes 2013\pes2013.exe |
"{1DD551E5-120B-4E9F-9603-E78E8271CAAD}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{2A576F45-B538-4185-9621-2EA2F6D5C0A6}" = dir=out | name=@{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{36CED7E9-0F73-4022-B072-754AC8A08987}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{388CE615-F763-47C2-9FEF-5BDE034359CA}" = dir=in | app=c:\program files (x86)\cdp.pl\farming simulator 2013\farmingsimulator2013game.exe |
"{3DF88CBC-2CE2-4268-8B2C-5FEEAE5262A8}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{444A1152-FDFD-445D-8DE8-42DE2932CF93}" = protocol=17 | dir=in | app=c:\users\pańcia\appdata\roaming\utorrent\utorrent.exe |
"{44F14F50-FB2B-40D7-9A9D-05DD7647673F}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5637E4E0-65B0-4541-8EBB-1AF2BAC28E82}" = protocol=6 | dir=in | app=c:\users\pańcia\appdata\roaming\utorrent\utorrent.exe |
"{570978E5-B552-4DC5-BD72-5BDAE795C849}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
"{576F87CF-A9AF-4711-BAAF-5A046CC9F145}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{57A7148C-F088-4DC3-9862-E7F7EB0A7FC1}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5F63DDB1-D7A0-44C1-8986-C140EA1ACBBE}" = dir=in | app=c:\program files (x86)\cdp.pl\farming simulator 2013\farmingsimulator2013game.exe |
"{607F4801-689F-44DF-8270-423A5CA67012}" = dir=out | name=@{microsoft.bingtravel_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{639924BF-9747-4AD1-9C71-9A4C725BEAA0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{63F84608-157B-49F2-8CE4-088ACF2EADB3}" = dir=in | app=c:\users\pańcia\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{6590769C-5481-41AA-8885-E511E48D0BF4}" = dir=out | name=@{microsoft.zunemusic_2.2.886.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{6940F12D-90A5-47E8-9CC4-7C899284860C}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{6BCA40DD-8963-4C83-866F-803DB8026F8C}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6CBACDB6-D610-4E28-A2A9-83045A8EB74D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{726EFAB3-66F1-4A04-B86B-D7E3159323E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{74168EC7-1527-4728-90C8-AF1C3D1ADC28}" = dir=out | name=skype |
"{75749171-8BCF-40AF-81A4-EA0A795EA2BA}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{7DD28D32-0BBC-4264-B08A-80F8A7CD74A5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7E25E61C-5788-4A0D-B088-AA25229B2859}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k14\nba2k14.exe |
"{80C1622E-80DE-4F4A-9758-9AB3E8CFF995}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{828216FD-38C1-499E-BC38-E31F03D1745E}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{8B8E2818-2A88-4D33-A048-A2AAC2769358}" = dir=out | name=windows_ie_ac_001 |
"{9240B09D-7F47-4248-ACCE-E0BD44702D44}" = dir=out | name=@{microsoft.bingnews_3.0.2.261_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A1372726-0F2C-4DC8-B921-07DC838663C4}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A7D03F0C-CA5C-428A-8F3B-C6CE4529F191}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{A7E379CD-51C1-47B4-BFBF-F6FB7449461B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B0DADD37-0CB8-4955-9D9B-C05F302AE172}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B8CAA20E-7F54-4397-A04E-2D39ECDC4E34}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C11A5E58-D7F1-4CA8-BB82-8B66E60EEEDC}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{C5104F7E-F5E5-485A-BD57-DDC391CC8E76}" = dir=in | app=c:\program files (x86)\cdp.pl\farming simulator 2013\farmingsimulator2013.exe |
"{CD7F71B5-148E-4FAB-8BCF-E2257D92D677}" = dir=in | app=c:\program files (x86)\cdp.pl\farming simulator 2013\farmingsimulator2013.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DD1E2896-8ABE-4A2B-BFE3-2DD80BFE6FE3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E6048B79-21C4-41A1-B75F-4B8A03C58699}" = protocol=17 | dir=in | app=c:\program files (x86)\pes 2013\pes2013.exe |
"{E7D3669E-79F4-4ECB-93FC-8835B816E128}" = dir=in | name=skype |
"{EBD1976A-4A23-4C2A-BBC7-0ECE2E897722}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{EC079B8E-6B35-4233-A7FF-17146D669A00}" = protocol=17 | dir=in | app=c:\program files (x86)\pes 2013\pes2013.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F7735E28-7795-4713-AE34-20F782118C21}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{FA8F2BA5-B3B7-4F03-A5BC-C5A68CBA6863}" = dir=out | name=@{microsoft.bingweather_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"TCP Query User{777A606A-BC5D-4E21-8465-27BA6FE9829F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{9DBC8C8C-A39A-469E-9B2C-1F351E58707F}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe |
"TCP Query User{D3178C14-BB6D-485C-9486-C88FDA92DBE7}C:\need for speed the run\need for speed the run.exe" = protocol=6 | dir=in | app=c:\need for speed the run\need for speed the run.exe |
"UDP Query User{16407940-D720-46E9-9E53-C7E5742FCF1F}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe |
"UDP Query User{39C5152A-7E20-432A-8D2D-A72320F3E982}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{F2E0587E-5DFC-4094-AB07-7660F19BDAAE}C:\need for speed the run\need for speed the run.exe" = protocol=17 | dir=in | app=c:\need for speed the run\need for speed the run.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{6879B3DC-9DEF-4D60-BFF0-C96F2588685D}" = Intel(R) Rapid Storage Technology
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0415-1000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0016-0415-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0018-0415-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0019-0415-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-001A-0415-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001B-0415-1000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2010
"{90140000-0044-0415-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-00A1-0415-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00BA-0415-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}" = NBA 2K14
"{52644103-70EE-47F6-9BBB-AA4514B59615}_is1" = Farming Simulator 2013
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FD2930-C361-47F6-822E-71B021526778}" = HP Support Solutions Framework
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.3.0 Full
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 5.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3709421861-2782721611-2587054353-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2014-04-12 10:50:36 | Computer Name = Damessa | Source = Software Protection Platform Service | ID = 8198
Description = Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007000D
Argumenty
wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 2014-04-12 13:46:12 | Computer Name = Damessa | Source = Software Protection Platform Service | ID = 8198
Description = Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007000D
Argumenty
wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 2014-04-12 13:46:23 | Computer Name = Damessa | Source = Software Protection Platform Service | ID = 8198
Description = Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007000D
Argumenty
wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 2014-04-12 14:53:41 | Computer Name = Damessa | Source = Software Protection Platform Service | ID = 8198
Description = Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007000D
Argumenty
wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 2014-04-12 14:54:05 | Computer Name = Damessa | Source = Software Protection Platform Service | ID = 8198
Description = Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007000D
Argumenty
wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 2014-04-12 15:58:39 | Computer Name = Damessa | Source = Software Protection Platform Service | ID = 8198
Description = Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007000D
Argumenty
wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 2014-04-12 15:59:44 | Computer Name = Damessa | Source = Software Protection Platform Service | ID = 8198
Description = Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007000D
Argumenty
wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 2014-04-12 16:01:09 | Computer Name = Damessa | Source = Software Protection Platform Service | ID = 8198
Description = Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007000D
Argumenty
wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 2014-04-12 16:01:52 | Computer Name = Damessa | Source = Software Protection Platform Service | ID = 8198
Description = Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007000D
Argumenty
wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 2014-04-12 16:02:47 | Computer Name = Damessa | Source = Software Protection Platform Service | ID = 8198
Description = Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007000D
Argumenty
wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

[ System Events ]
Error - 2014-05-16 17:05:23 | Computer Name = DAMESSA | Source = BugCheck | ID = 1001
Description =

Error - 2014-05-17 11:43:12 | Computer Name = Damessa | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 17:37:55 na ?2014-?05-?17 było
nieoczekiwane.

Error - 2014-05-17 11:43:16 | Computer Name = DAMESSA | Source = BugCheck | ID = 1001
Description =

Error - 2014-05-22 18:12:42 | Computer Name = Damessa | Source = Service Control Manager | ID = 7023
Description = Usługa Wstępne ładowanie do pamięci zakończyła działanie; wystąpił
następujący błąd: %%1062

Error - 2014-05-28 10:13:57 | Computer Name = Damessa | Source = MEIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform
handshake with the Firmware.

Error - 2014-05-28 12:42:51 | Computer Name = Damessa | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 18:31:40 na ?2014-?05-?28 było
nieoczekiwane.

Error - 2014-05-28 12:42:55 | Computer Name = DAMESSA | Source = BugCheck | ID = 1001
Description =

Error - 2014-05-28 12:49:13 | Computer Name = Damessa | Source = Service Control Manager | ID = 7034
Description = Usługa Andrea RT Filters Service niespodziewanie zakończyła pracę.
Wystąpiło to razy: 1.

Error - 2014-05-28 12:52:14 | Computer Name = Damessa | Source = Service Control Manager | ID = 7031
Description = Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to
razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2014-05-28 12:52:38 | Computer Name = Damessa | Source = Service Control Manager | ID = 7031
Description = Usługa KMService niespodziewanie zakończyła pracę. Wystąpiło to razy:
1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.


< End of report >

Pozdrawiam

[NieWiem]

Pobierz FRST w wersji zgodnej z Twoim systemem - 64bit.
Zapisz na pulpicie, uruchom, kliknij scan.
Wygeneruje dwa logi. Obydwa proszę załączyć na forum.

[odyniec]

FRST

Spoiler:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Pańcia (administrator) on DAMESSA on 29-05-2014 09:24:27
Running from C:\Users\Pańcia\Desktop
Platform: Windows 8.1 Enterprise (Update 1) (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\KMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Windows\SysWOW64\srvany.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-14] (AVAST Software)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [fst_pl_102] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3709421861-2782721611-2587054353-1001\...\Run: [Facebook Update] => C:\Users\Pańcia\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-25] (Facebook Inc.)
HKU\S-1-5-21-3709421861-2782721611-2587054353-1001\...\MountPoints2: {e8390def-ddd9-11e3-827a-a4db3036cadc} - "F:\LGAutoRun.exe"
Startup: C:\Users\Pańcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NHL® 09 Registration.lnk
ShortcutTarget: NHL® 09 Registration.lnk -> C:\Program Files (x86)\EA Sports\NHL 09\Support\EAregister.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D49BB3EE250CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.60 62.179.1.61

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Pańcia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

Chrome:
=======
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hp&ts=1397445513&from=slbnew&uid=TOSHIBAXMQ01ABF050_93C5SC5KSXX93C5SC5KS"
CHR Extension: (Dokumenty Google) - C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14]
CHR Extension: (Dysk Google) - C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14]
CHR Extension: (YouTube) - C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14]
CHR Extension: (Adblock Plus) - C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-14]
CHR Extension: (Szukaj w Google) - C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-03-15]
CHR Extension: (AdBlock) - C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-05]
CHR Extension: (avast! Online Security) - C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-14]
CHR Extension: (Google Wallet) - C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-14]
CHR Extension: (Gmail) - C:\Users\Pańcia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-14]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-14] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-02-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2000-01-01] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-14] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-14] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2013-02-01] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-11] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-05-29] ()
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
U3 kwldapow; \??\C:\Users\PACIA~1\AppData\Local\Temp\kwldapow.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 09:24 - 2014-05-29 09:24 - 00015769 _____ () C:\Users\Pańcia\Desktop\FRST.txt
2014-05-29 09:24 - 2014-05-29 09:24 - 00000000 ____D () C:\FRST
2014-05-29 09:23 - 2014-05-29 09:23 - 02066944 _____ (Farbar) C:\Users\Pańcia\Desktop\FRST64.exe
2014-05-28 19:17 - 2014-05-28 19:17 - 00124966 _____ () C:\Users\Pańcia\Downloads\OTL.Txt
2014-05-28 19:17 - 2014-05-28 19:17 - 00058122 _____ () C:\Users\Pańcia\Downloads\Extras.Txt
2014-05-28 19:08 - 2014-05-28 19:08 - 00602112 _____ (OldTimer Tools) C:\Users\Pańcia\Downloads\OTL.exe
2014-05-28 18:46 - 2014-05-28 18:46 - 00380416 _____ () C:\Users\Pańcia\Downloads\0uyx4jxj.exe
2014-05-28 18:42 - 2014-05-28 18:42 - 00285880 _____ () C:\Windows\Minidump\052814-24062-01.dmp
2014-05-28 18:30 - 2014-05-28 18:30 - 00380416 _____ () C:\Users\Pańcia\Downloads\r6el50lq.exe
2014-05-28 18:27 - 2014-05-28 18:27 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\Pańcia\Downloads\SPTDinst-v186-x64.exe
2014-05-28 18:27 - 2014-05-28 18:27 - 00522360 _____ (Duplex Secure Ltd.) C:\Users\Pańcia\Downloads\SPTDinst-v186-x86.exe
2014-05-17 17:59 - 2014-05-17 18:10 - 155149128 _____ (Hewlett-Packard ) C:\Users\Pańcia\Downloads\sp64445.exe
2014-05-17 17:58 - 2014-05-17 18:13 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-05-17 17:58 - 2014-05-17 17:58 - 00000000 ____D () C:\Windows\Options
2014-05-17 17:58 - 2014-05-17 17:58 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-05-17 17:58 - 2013-11-13 00:05 - 03880448 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athwbx.sys
2014-05-17 17:57 - 2014-05-17 17:58 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-05-17 17:54 - 2014-05-17 17:56 - 38821840 _____ (Hewlett-Packard Company ) C:\Users\Pańcia\Downloads\sp65428.exe
2014-05-17 17:52 - 2014-05-17 17:52 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-17 17:50 - 2014-05-17 17:50 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-05-17 17:49 - 2014-05-17 17:49 - 04583424 _____ () C:\Users\Pańcia\Downloads\HPSupportSolutionsFramework.msi
2014-05-17 17:43 - 2014-05-17 17:43 - 00285992 _____ () C:\Windows\Minidump\051714-17218-01.dmp
2014-05-15 10:10 - 2014-05-15 10:10 - 00000000 __SHD () C:\Users\Pańcia\AppData\Local\EmieUserList
2014-05-15 10:10 - 2014-05-15 10:10 - 00000000 __SHD () C:\Users\Pańcia\AppData\Local\EmieSiteList
2014-05-14 13:38 - 2014-05-14 13:38 - 00057367 _____ () C:\Users\Pańcia\Downloads\Gmail.zip
2014-05-14 13:36 - 2014-05-14 13:37 - 07229972 _____ () C:\Users\Pańcia\Downloads\egzamingenetyka10_06_2014_.zip
2014-05-14 13:34 - 2014-05-14 13:34 - 00000000 ____D () C:\Users\Pańcia\Desktop\genetyka - egzamin
2014-05-14 07:49 - 2014-05-14 07:49 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 07:29 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-14 07:29 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-14 07:29 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-14 07:29 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-14 07:29 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-14 07:29 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-14 07:29 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-14 07:29 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-14 07:29 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-14 07:29 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-14 07:29 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 07:29 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-14 07:29 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 07:29 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-14 07:29 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-14 07:29 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-14 07:29 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-14 07:29 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-14 07:29 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-14 07:29 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-14 07:29 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-14 07:29 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-14 07:29 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-14 07:29 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-14 07:29 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-14 07:29 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-14 07:29 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-14 07:29 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 07:29 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-14 07:29 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 07:29 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-14 07:29 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-14 07:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 07:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 07:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 07:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 07:28 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-14 07:28 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-14 07:28 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-14 07:28 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-14 07:27 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 07:27 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-07 21:34 - 2014-05-07 21:41 - 00000000 ____D () C:\Users\Pańcia\Desktop\juwe2014
2014-05-07 21:34 - 2014-05-07 21:34 - 25827175 _____ () C:\Users\Pańcia\Downloads\zip
2014-05-07 13:43 - 2014-05-07 13:43 - 00000000 ____D () C:\Program Files (x86)\SEGA
2014-05-07 12:21 - 2014-05-07 12:30 - 00000000 ____D () C:\Users\Pańcia\Downloads\Football Manager 2013-SKIDROW
2014-05-04 18:59 - 2014-05-04 18:59 - 00285992 _____ () C:\Windows\Minidump\050414-16531-01.dmp
2014-05-04 00:27 - 2014-05-04 00:28 - 00285992 _____ () C:\Windows\Minidump\050414-27656-01.dmp
2014-05-03 16:28 - 2014-05-03 16:28 - 00000000 ____D () C:\Users\Pańcia\AppData\Local\DFX
2014-05-03 16:28 - 2014-05-03 16:28 - 00000000 ____D () C:\ProgramData\DFX
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Pańcia\AppData\Roaming\vlc
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Gość\AppData\Roaming\Winamp
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Gość\AppData\Roaming\vlc
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Gość
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Winamp
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Administrator
2014-05-03 16:26 - 2014-05-03 16:26 - 05214281 _____ () C:\Users\Pańcia\Downloads\DF_Au_En.11.113 By MR ! HERO.rar
2014-05-03 14:26 - 2014-05-03 14:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-03 14:26 - 2014-05-03 14:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 22:43 - 2014-05-02 22:45 - 00000000 ____D () C:\Users\Pańcia\Documents\NFSTR
2014-05-02 21:58 - 2014-05-02 22:30 - 00000000 ____D () C:\Need for Speed The Run
2014-05-02 20:46 - 2014-05-02 21:51 - 00000000 ____D () C:\Users\Pańcia\Downloads\Need.For.Speed.The.Run-RELOADED
2014-04-29 22:08 - 2014-04-29 22:08 - 00000000 _____ () C:\Users\Pańcia\Desktop\pobrane.htm

==================== One Month Modified Files and Folders =======

2014-05-29 09:24 - 2014-05-29 09:24 - 00015769 _____ () C:\Users\Pańcia\Desktop\FRST.txt
2014-05-29 09:24 - 2014-05-29 09:24 - 00000000 ____D () C:\FRST
2014-05-29 09:23 - 2014-05-29 09:23 - 02066944 _____ (Farbar) C:\Users\Pańcia\Desktop\FRST64.exe
2014-05-29 09:13 - 2014-01-14 17:57 - 01235988 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 09:06 - 2014-01-14 18:04 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3709421861-2782721611-2587054353-1001
2014-05-29 09:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-05-29 08:56 - 2013-09-30 06:15 - 01828496 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 08:56 - 2013-09-30 05:56 - 00808198 _____ () C:\Windows\system32\perfh015.dat
2014-05-29 08:56 - 2013-09-30 05:56 - 00164014 _____ () C:\Windows\system32\perfc015.dat
2014-05-29 08:54 - 2014-01-14 19:08 - 00002209 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-29 08:54 - 2014-01-14 19:07 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 08:53 - 2014-01-19 16:30 - 00000000 __RDO () C:\Users\Pańcia\SkyDrive
2014-05-29 08:53 - 2014-01-14 19:06 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-29 08:53 - 2014-01-14 19:06 - 00000428 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-05-29 00:47 - 2014-01-14 17:57 - 00000000 ____D () C:\Users\Pańcia
2014-05-29 00:38 - 2014-01-14 19:06 - 00003984 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6F659EB0-7B5B-40DC-8231-5574F398A966}
2014-05-29 00:32 - 2014-01-14 19:07 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 23:02 - 2014-03-25 11:57 - 00000948 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3709421861-2782721611-2587054353-1001UA.job
2014-05-28 19:17 - 2014-05-28 19:17 - 00124966 _____ () C:\Users\Pańcia\Downloads\OTL.Txt
2014-05-28 19:17 - 2014-05-28 19:17 - 00058122 _____ () C:\Users\Pańcia\Downloads\Extras.Txt
2014-05-28 19:08 - 2014-05-28 19:08 - 00602112 _____ (OldTimer Tools) C:\Users\Pańcia\Downloads\OTL.exe
2014-05-28 18:46 - 2014-05-28 18:46 - 00380416 _____ () C:\Users\Pańcia\Downloads\0uyx4jxj.exe
2014-05-28 18:44 - 2014-01-14 19:45 - 00003490 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-05-28 18:44 - 2014-01-14 19:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-28 18:43 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 18:42 - 2014-05-28 18:42 - 00285880 _____ () C:\Windows\Minidump\052814-24062-01.dmp
2014-05-28 18:42 - 2014-02-04 22:05 - 540582361 _____ () C:\Windows\MEMORY.DMP
2014-05-28 18:42 - 2014-02-04 22:05 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 18:42 - 2013-09-29 21:05 - 00014036 _____ () C:\Windows\PFRO.log
2014-05-28 18:30 - 2014-05-28 18:30 - 00380416 _____ () C:\Users\Pańcia\Downloads\r6el50lq.exe
2014-05-28 18:27 - 2014-05-28 18:27 - 00623224 _____ (Duplex Secure Ltd.) C:\Users\Pańcia\Downloads\SPTDinst-v186-x64.exe
2014-05-28 18:27 - 2014-05-28 18:27 - 00522360 _____ (Duplex Secure Ltd.) C:\Users\Pańcia\Downloads\SPTDinst-v186-x86.exe
2014-05-28 16:14 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-28 11:02 - 2014-03-25 11:57 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3709421861-2782721611-2587054353-1001Core.job
2014-05-23 10:58 - 2014-01-18 15:05 - 00000000 ____D () C:\Users\Pańcia\Documents\Traktor3
2014-05-23 00:12 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-21 13:02 - 2014-01-14 19:10 - 00000000 ____D () C:\Users\Pańcia\AppData\Roaming\uTorrent
2014-05-21 00:07 - 2013-08-22 16:46 - 00035046 _____ () C:\Windows\setupact.log
2014-05-18 00:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-05-17 18:15 - 2014-01-14 20:30 - 00021048 _____ () C:\Windows\DPINST.LOG
2014-05-17 18:15 - 2014-01-14 20:30 - 00001336 _____ () C:\Windows\Synaptics.log
2014-05-17 18:13 - 2014-05-17 17:58 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-05-17 18:12 - 2014-01-14 18:24 - 00000000 ____D () C:\SWSetup
2014-05-17 18:10 - 2014-05-17 17:59 - 155149128 _____ (Hewlett-Packard ) C:\Users\Pańcia\Downloads\sp64445.exe
2014-05-17 17:58 - 2014-05-17 17:58 - 00000000 ____D () C:\Windows\Options
2014-05-17 17:58 - 2014-05-17 17:58 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-05-17 17:58 - 2014-05-17 17:57 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-05-17 17:58 - 2014-01-14 18:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-17 17:56 - 2014-05-17 17:54 - 38821840 _____ (Hewlett-Packard Company ) C:\Users\Pańcia\Downloads\sp65428.exe
2014-05-17 17:52 - 2014-05-17 17:52 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-17 17:50 - 2014-05-17 17:50 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-05-17 17:50 - 2014-01-14 18:44 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-05-17 17:49 - 2014-05-17 17:49 - 04583424 _____ () C:\Users\Pańcia\Downloads\HPSupportSolutionsFramework.msi
2014-05-17 17:43 - 2014-05-17 17:43 - 00285992 _____ () C:\Windows\Minidump\051714-17218-01.dmp
2014-05-15 10:10 - 2014-05-15 10:10 - 00000000 __SHD () C:\Users\Pańcia\AppData\Local\EmieUserList
2014-05-15 10:10 - 2014-05-15 10:10 - 00000000 __SHD () C:\Users\Pańcia\AppData\Local\EmieSiteList
2014-05-14 13:38 - 2014-05-14 13:38 - 00057367 _____ () C:\Users\Pańcia\Downloads\Gmail.zip
2014-05-14 13:37 - 2014-05-14 13:36 - 07229972 _____ () C:\Users\Pańcia\Downloads\egzamingenetyka10_06_2014_.zip
2014-05-14 13:34 - 2014-05-14 13:34 - 00000000 ____D () C:\Users\Pańcia\Desktop\genetyka - egzamin
2014-05-14 12:38 - 2014-01-14 17:58 - 00000000 ___RD () C:\Users\Pańcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 12:38 - 2014-01-14 17:58 - 00000000 ___RD () C:\Users\Pańcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 08:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-14 08:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 08:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 08:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-14 08:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-14 08:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 07:50 - 2014-02-14 00:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 07:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-14 07:49 - 2014-05-14 07:49 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 07:49 - 2014-01-18 22:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 07:48 - 2014-01-18 22:57 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 07:48 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-09 22:27 - 2014-01-14 19:07 - 00004036 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 22:27 - 2014-01-14 19:07 - 00003800 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 21:41 - 2014-05-07 21:34 - 00000000 ____D () C:\Users\Pańcia\Desktop\juwe2014
2014-05-07 21:34 - 2014-05-07 21:34 - 25827175 _____ () C:\Users\Pańcia\Downloads\zip
2014-05-07 13:43 - 2014-05-07 13:43 - 00000000 ____D () C:\Program Files (x86)\SEGA
2014-05-07 12:30 - 2014-05-07 12:21 - 00000000 ____D () C:\Users\Pańcia\Downloads\Football Manager 2013-SKIDROW
2014-05-06 06:40 - 2014-05-14 07:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-14 07:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-14 07:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 07:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 18:59 - 2014-05-04 18:59 - 00285992 _____ () C:\Windows\Minidump\050414-16531-01.dmp
2014-05-04 00:28 - 2014-05-04 00:27 - 00285992 _____ () C:\Windows\Minidump\050414-27656-01.dmp
2014-05-03 16:28 - 2014-05-03 16:28 - 00000000 ____D () C:\Users\Pańcia\AppData\Local\DFX
2014-05-03 16:28 - 2014-05-03 16:28 - 00000000 ____D () C:\ProgramData\DFX
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Pańcia\AppData\Roaming\vlc
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Gość\AppData\Roaming\Winamp
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Gość\AppData\Roaming\vlc
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Gość
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Winamp
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2014-05-03 16:27 - 2014-05-03 16:27 - 00000000 ____D () C:\Users\Administrator
2014-05-03 16:27 - 2014-01-18 14:54 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-03 16:26 - 2014-05-03 16:26 - 05214281 _____ () C:\Users\Pańcia\Downloads\DF_Au_En.11.113 By MR ! HERO.rar
2014-05-03 14:26 - 2014-05-03 14:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-03 14:26 - 2014-05-03 14:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 22:45 - 2014-05-02 22:43 - 00000000 ____D () C:\Users\Pańcia\Documents\NFSTR
2014-05-02 22:44 - 2014-01-14 21:44 - 00230675 _____ () C:\Windows\DirectX.log
2014-05-02 22:30 - 2014-05-02 21:58 - 00000000 ____D () C:\Need for Speed The Run
2014-05-02 21:51 - 2014-05-02 20:46 - 00000000 ____D () C:\Users\Pańcia\Downloads\Need.For.Speed.The.Run-RELOADED
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 22:08 - 2014-04-29 22:08 - 00000000 _____ () C:\Users\Pańcia\Desktop\pobrane.htm

Files to move or delete:
====================
C:\Users\Pańcia\AppData\Roaming\CamLayout.ini
C:\Users\Pańcia\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Pańcia\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pańcia\AppData\Local\Temp\bitool.dll
C:\Users\Pańcia\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Pańcia\AppData\Local\Temp\gwunstal.exe
C:\Users\Pańcia\AppData\Local\Temp\ose00000.exe
C:\Users\Pańcia\AppData\Local\Temp\PidGenX.dll
C:\Users\Pańcia\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 17:47

==================== End Of Log ============================

Addition

Spoiler:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Pańcia at 2014-05-29 09:25:01
Running from C:\Users\Pańcia\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2011 - Avast Software)
Centrum obsługi urządzeń z systemem Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F2CE207D-C146-4BFD-A1C2-219483C58819}) (Version: - Microsoft)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farming Simulator 2013 (HKLM-x32\...\{52644103-70EE-47F6-9BBB-AA4514B59615}_is1) (Version: 1.3.0.0 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.6.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.6.1000 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
Microsoft Office Access MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Polish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Service Center (Version: 2.2.0.367 - Native Instruments) Hidden
Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version: - Native Instruments)
Native Instruments Traktor (Version: 1.2.1.7692 - Native Instruments) Hidden
Native Instruments Traktor DJ Studio 3 (HKLM-x32\...\Native Instruments Traktor DJ Studio 3) (Version: - )
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Pro Evolution Soccer 2013 (HKLM-x32\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.1 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0415-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0415-1000-0000000FF1CE}_Office14.PROPLUS_{914FE0E1-D442-4CD9-8FF3-C2984101EE2C}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0415-1000-0000000FF1CE}_Office14.PROPLUS_{CB77918E-0607-49BB-9945-786CBA74A6AF}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

14-05-2014 05:45:29 Windows Update
17-05-2014 15:49:35 Installed HP Support Solutions Framework
26-05-2014 08:22:30 Zaplanowany punkt kontrolny

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {420965D4-4427-42C8-8585-6DF27061B92B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14] (Google Inc.)
Task: {4328B2ED-49D4-44FC-AE7E-4F608A304012} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {48389F2A-9123-46FE-B89C-BB7B819A5666} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {54EA388A-6149-47F5-B358-A59DE700303F} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {841BD294-0FCD-4FDC-88CF-18EA5AB78CE8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9558821D-A689-4B1B-BE6B-A41CC4F0D3C6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-01-14] ()
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A2B282B9-27DD-40A5-A98F-6959A4236735} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {B2BCCF2C-5350-44FA-BFD2-75EBAB2D4AD1} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {C7E628B9-7D8E-49B5-8F51-52176435838D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D212045E-9547-48C7-9A7A-EC34897E8139} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3709421861-2782721611-2587054353-1001UA => C:\Users\Pańcia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-25] (Facebook Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D911AB83-07CB-44EE-817D-D20022551884} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3709421861-2782721611-2587054353-1001Core => C:\Users\Pańcia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-25] (Facebook Inc.)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F5550734-8070-4D5D-9639-0A257428C80F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14] (Google Inc.)
Task: {FD77209F-0339-4D3A-A6FD-F5F7A081AF44} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-14] (AVAST Software)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3709421861-2782721611-2587054353-1001Core.job => C:\Users\PaD
cia\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3709421861-2782721611-2587054353-1001UA.job => C:\Users\PaD
cia\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2014-02-14 00:50 - 2014-02-14 00:50 - 00151552 _____ () C:\Windows\KMService.exe
2014-02-14 00:50 - 2014-02-14 00:50 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-03 13:45 - 2013-09-03 13:45 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-27 23:48 - 2014-05-27 22:00 - 02256384 _____ () C:\Program Files\AVAST Software\Avast\defs\14052701\algo.dll
2014-05-28 22:48 - 2014-05-28 18:49 - 02259456 _____ () C:\Program Files\AVAST Software\Avast\defs\14052801\algo.dll
2014-01-14 19:19 - 2014-01-14 19:19 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Pańcia\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Pańcia\Desktop\WIN_20140521_003158.JPG:ms-properties
AlternateDataStreams: C:\Users\Pańcia\Desktop\WIN_20140521_003402.JPG:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2014 09:23:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0x8007000D
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/29/2014 09:23:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0x8007000D
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/29/2014 08:53:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0x8007000D
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (05/29/2014 08:36:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0x8007000D
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/29/2014 08:36:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0x8007000D
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/29/2014 08:36:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0x8007000D
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/28/2014 11:11:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0x8007000D
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/28/2014 11:10:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0x8007000D
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/28/2014 11:10:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0x8007000D
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/28/2014 10:30:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0x8007000D
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (05/28/2014 06:52:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa KMService niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (05/28/2014 06:52:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Bufor wydruku niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (05/28/2014 06:49:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Andrea RT Filters Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (05/28/2014 06:42:55 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000109 (0xa3a01f5979ed1859, 0xb3b72bdfcc6d1790, 0xfffff800a8aab080, 0x0000000000000002)C:\Windows\MEMORY.DMP052814-24062-01

Error: (05/28/2014 06:42:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 18:31:40 na ‎2014-‎05-‎28 było nieoczekiwane.

Error: (05/28/2014 04:13:57 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware.

Error: (05/23/2014 00:12:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Wstępne ładowanie do pamięci zakończyła działanie; wystąpił następujący błąd:
%%1062

Error: (05/17/2014 05:43:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000133 (0x0000000000000000, 0x0000000000000501, 0x0000000000000500, 0x0000000000000000)C:\Windows\MEMORY.DMP051714-17218-01

Error: (05/17/2014 05:43:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Poprzednie zamknięcie systemu przy 17:37:55 na ‎2014-‎05-‎17 było nieoczekiwane.

Error: (05/16/2014 11:05:23 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000133 (0x0000000000000000, 0x0000000000000501, 0x0000000000000500, 0x0000000000000000)C:\Windows\MEMORY.DMP


Microsoft Office Sessions:
=========================
Error: (05/29/2014 09:23:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007000DRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/29/2014 09:23:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007000DRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/29/2014 08:53:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007000DRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (05/29/2014 08:36:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007000DRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/29/2014 08:36:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007000DRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/29/2014 08:36:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007000DRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/28/2014 11:11:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007000DRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/28/2014 11:10:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007000DRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/28/2014 11:10:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007000DRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/28/2014 10:30:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007000DRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 8081.27 MB
Available physical RAM: 6789.04 MB
Total Pagefile: 16273.27 MB
Available Pagefile: 15122.77 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.24 GB) (Free:356.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9933CA03)

Partition: GPT Partition Type.

==================== End Of Log ============================

[NieWiem]

Pobierz CKScanner
Zapisz na pulpicie. Uruchom jako Administrator i wybierz Search For Files.
Gdy program ukończy wybierz opcję Save List To File
Przeklej zawartość utworzonego pliku

[odyniec]

Spoiler:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\windows\kmservice.exe
c:\windows\autokms\autokms.exe
c:\windows\prefetch\keygen.exe-ea36bdf4.pf
c:\windows\prefetch\kmservice.exe-9d935429.pf
c:\windows\system32\config\systemprofile\appdata\local\microsoft\clr_v4.0_32\usagelogs\autokms.exe.log
c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\clr_v4.0_32\usagelogs\autokms.exe.log
scanner sequence 3.FN.11.VWAPQZ
----- EOF -----

[NieWiem]

Powiem wprost - widzę tutaj nielegalne crackowane rzeczy.
Dopóki nie zostaną usunięte z systemu, nie pomogę dalej.