GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-24 15:48:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465.76GB Running: 11jmc6uj.exe; Driver: C:\Users\Kamil\AppData\Local\Temp\uxdcaaog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\services.exe[804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\lsass.exe[820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[1156] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe[1516] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100101014 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100100c0c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100100e10 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2368] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100110a08 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 00000001004c075c .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004c03a4 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 00000001004c0b14 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 00000001004c0ecc .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 00000001004c163c .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 00000001004c1284 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004c19f4 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2404] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100111014 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100110c0c .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100110e10 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2416] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100191014 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100190804 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100190a08 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100190c0c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100190e10 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001901f8 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001903fc .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100190600 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001a01f8 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001a03fc .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 00000001001a0804 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 00000001001a0600 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2460] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 00000001001a0a08 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 00000001002c075c .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001002c03a4 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 00000001002c0b14 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 00000001002c0ecc .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 00000001002c163c .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 00000001002c1284 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001002c19f4 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2500] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100091014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100090804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100090a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100090c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100090e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001000901f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001000903fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100090600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001601f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001603fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100160804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100160600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100160a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d51465 2 bytes [D5, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d514bb 2 bytes [D5, 76] .text ... * 2 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001901f8 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001903fc .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100190804 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100190600 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100190a08 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 00000001001a1014 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 00000001001a0804 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 00000001001a0a08 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 00000001001a0c0c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 00000001001a0e10 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001a01f8 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001a03fc .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2568] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 00000001001a0600 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001001f8 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001003fc .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100100804 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100100600 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100100a08 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100111014 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100110804 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100110a08 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100110c0c .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100110e10 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001101f8 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001103fc .text C:\ProgramData\MobileBrServ\mbbservice.exe[2624] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010048075c .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004803a4 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100480b14 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100480ecc .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010048163c .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100481284 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004819f4 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2696] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001000d01f8 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001000d03fc .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 00000001000d0804 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 00000001000d0600 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 00000001000d0a08 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 00000001001e1014 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 00000001001e0804 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 00000001001e0a08 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 00000001001e0c0c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 00000001001e0e10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001e01f8 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001e03fc .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 00000001001e0600 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d51465 2 bytes [D5, 76] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d514bb 2 bytes [D5, 76] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001002301f8 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001002303fc .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100230804 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100230600 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100230a08 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100241014 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100240804 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100240a08 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100240c0c .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100240e10 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001002401f8 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001002403fc .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100240600 .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073ed1a22 2 bytes [ED, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073ed1ad0 2 bytes [ED, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073ed1b08 2 bytes [ED, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073ed1bba 2 bytes [ED, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2760] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073ed1bda 2 bytes [ED, 73] .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001002301f8 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001002303fc .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100230804 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100230600 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100230a08 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2788] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2820] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100091014 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100090804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100090a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100090c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100090e10 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001000901f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001000903fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100090600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2968] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 00000001000a0a08 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 00000001003e075c .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001003e03a4 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 00000001003e0b14 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 00000001003e0ecc .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 00000001003e163c .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 00000001003e1284 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001003e19f4 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\svchost.exe[2944] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\system32\svchost.exe[3020] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\svchost.exe[3020] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100101014 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100100c0c .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100100e10 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3128] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 00000001000d1014 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 00000001000d0804 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 00000001000d0a08 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 00000001000d0c0c .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 00000001000d0e10 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001000d01f8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001000d03fc .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 00000001000d0600 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001000e01f8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001000e03fc .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 00000001000e0804 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 00000001000e0600 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 00000001000e0a08 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d51465 2 bytes [D5, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d514bb 2 bytes [D5, 76] .text ... * 2 .text C:\Windows\System32\alg.exe[3524] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\System32\alg.exe[3524] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\System32\alg.exe[3524] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\System32\alg.exe[3524] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\System32\alg.exe[3524] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\System32\alg.exe[3524] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\System32\alg.exe[3524] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\System32\alg.exe[3524] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\svchost.exe[3732] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100101014 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100100c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100100e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2596] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100101014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100100c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100100e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1640] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d51465 2 bytes [D5, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d514bb 2 bytes [D5, 76] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001000d01f8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001000d03fc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 00000001000d0804 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 00000001000d0600 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 00000001000d0a08 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 00000001000e1014 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 00000001000e0804 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 00000001000e0a08 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 00000001000e0c0c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 00000001000e0e10 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001000e01f8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001000e03fc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2204] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 00000001000e0600 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010017075c .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001001703a4 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100170b14 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100170ecc .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010017163c .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100171284 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001001719f4 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\system32\USER32.dll!UnhookWinEvent 0000000077078550 5 bytes JMP 000000010036075c .text C:\Windows\System32\svchost.exe[2316] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007707d440 5 bytes JMP 0000000100361284 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007707f874 5 bytes JMP 0000000100360ecc .text C:\Windows\System32\svchost.exe[2316] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077084d4c 5 bytes JMP 00000001003603a4 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077098c20 5 bytes JMP 0000000100360b14 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\wbem\wmiprvse.exe[3840] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\wbem\wmiprvse.exe[3840] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\wbem\wmiprvse.exe[3840] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\wbem\wmiprvse.exe[3840] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\wbem\wmiprvse.exe[3840] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010012075c .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001001203a4 .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100120b14 .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100120ecc .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010012163c .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100121284 .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001001219f4 .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\SearchIndexer.exe[3516] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100101014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100100c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100100e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4056] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100110a08 .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 00000001001c075c .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001001c03a4 .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 00000001001c0b14 .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 00000001001c0ecc .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 00000001001c163c .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 00000001001c1284 .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001001c19f4 .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\taskhost.exe[1108] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010016075c .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001001603a4 .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100160b14 .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100160ecc .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010016163c .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100161284 .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001001619f4 .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\Dwm.exe[3412] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010025075c .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001002503a4 .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100250b14 .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100250ecc .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010025163c .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100251284 .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001002519f4 .text C:\Windows\Explorer.EXE[1604] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\Explorer.EXE[1604] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010044075c .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004403a4 .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100440b14 .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100440ecc .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010044163c .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100441284 .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004419f4 .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\System32\igfxtray.exe[1228] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010030075c .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001003003a4 .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100300b14 .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100300ecc .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010030163c .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100301284 .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001003019f4 .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\System32\hkcmd.exe[2560] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010020075c .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001002003a4 .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100200b14 .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100200ecc .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010020163c .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100201284 .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001002019f4 .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\System32\igfxpers.exe[296] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010041075c .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004103a4 .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100410b14 .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100410ecc .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010041163c .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100411284 .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004119f4 .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\igfxsrvc.exe[4128] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 00000001004a075c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004a03a4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 00000001004a0b14 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 00000001004a0ecc .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 00000001004a163c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 00000001004a1284 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004a19f4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4364] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 00000001004d075c .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004d03a4 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 00000001004d0b14 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 00000001004d0ecc .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 00000001004d163c .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 00000001004d1284 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004d19f4 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4432] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 00000001001e075c .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001001e03a4 .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 00000001001e0b14 .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 00000001001e0ecc .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 00000001001e163c .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 00000001001e1284 .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001001e19f4 .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files\Elantech\ETDCtrl.exe[4492] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010041075c .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004103a4 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100410b14 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100410ecc .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010041163c .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100411284 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004119f4 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[4608] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010011075c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001001103a4 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100110b14 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100110ecc .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010011163c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100111284 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001001119f4 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4648] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010031075c .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001003103a4 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100310b14 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100310ecc .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010031163c .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100311284 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001003119f4 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4656] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 3 bytes JMP 000000010050075c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 4 00000000772b3ae4 1 byte [89] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 3 bytes JMP 00000001005003a4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 4 00000000772b7a94 1 byte [89] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100500b14 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100500ecc .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010050163c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100501284 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001005019f4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4756] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\syswow64\KERNEL32.dll!SetUnhandledExceptionFilter 00000000751e87b1 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 00000001000a1014 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 00000001000a0a08 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 00000001000a0c0c .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 00000001000a0e10 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001000b01f8 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001000b03fc .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 00000001000b0804 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 00000001000b0600 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 00000001000b0a08 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d51465 2 bytes [D5, 76] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d514bb 2 bytes [D5, 76] .text ... * 2 .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010042075c .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004203a4 .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100420b14 .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100420ecc .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010042163c .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100421284 .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004219f4 .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\igfxext.exe[4812] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 00000001004b075c .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004b03a4 .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 00000001004b0b14 .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 00000001004b0ecc .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 00000001004b163c .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 00000001004b1284 .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004b19f4 .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\wbem\unsecapp.exe[4860] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010046075c .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004603a4 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100460b14 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100460ecc .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010046163c .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100461284 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004619f4 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4992] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001000901f8 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001000903fc .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100090804 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100090600 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100090a08 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 00000001000a1014 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 00000001000a0a08 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 00000001000a0c0c .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 00000001000a0e10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d51465 2 bytes [D5, 76] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d514bb 2 bytes [D5, 76] .text ... * 2 .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 00000001002f075c .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001002f03a4 .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 00000001002f0b14 .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 00000001002f0ecc .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 00000001002f163c .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 00000001002f1284 .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001002f19f4 .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Dolby PCEE4\pcee4.exe[5028] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100100600 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100111014 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100110c0c .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100110e10 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d51465 2 bytes [D5, 76] .text C:\Program Files (x86)\Launch Manager\LManager.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d514bb 2 bytes [D5, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001000901f8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001000903fc .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100090804 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100090600 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100090a08 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 00000001000e1014 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 00000001000e0804 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 00000001000e0a08 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 00000001000e0c0c .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 00000001000e0e10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001000e01f8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001000e03fc .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4180] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 00000001000e0600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4232] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d51465 2 bytes [D5, 76] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d514bb 2 bytes [D5, 76] .text ... * 2 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010046075c .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001004603a4 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100460b14 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100460ecc .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010046163c .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100461284 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001004619f4 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1168] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001001801f8 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001001803fc .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100180804 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100180600 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100180a08 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100191014 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100190804 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100190a08 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100190c0c .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100190e10 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001001901f8 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001001903fc .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3064] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100190600 .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 000000010026075c .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001002603a4 .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 0000000100260b14 .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 0000000100260ecc .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 000000010026163c .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 0000000100261284 .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001002619f4 .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\System32\svchost.exe[5364] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\system32\DllHost.exe[6084] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\DllHost.exe[6084] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\DllHost.exe[6084] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\DllHost.exe[6084] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\DllHost.exe[6084] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\DllHost.exe[6084] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\DllHost.exe[6084] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\DllHost.exe[6084] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000772b3ae0 5 bytes JMP 00000001000b075c .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000772b7a90 5 bytes JMP 00000001000b03a4 .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000772e1490 5 bytes JMP 00000001000b0b14 .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000772e14f0 5 bytes JMP 00000001000b0ecc .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772e15d0 5 bytes JMP 00000001000b163c .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772e1810 5 bytes JMP 00000001000b1284 .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772e2840 5 bytes JMP 00000001000b19f4 .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000771ceecd 1 byte [62] .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\taskeng.exe[2240] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefde36e00 5 bytes JMP 000007ff7de51dac .text C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefde36f2c 5 bytes JMP 000007ff7de50ecc .text C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefde37220 5 bytes JMP 000007ff7de51284 .text C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefde3739c 5 bytes JMP 000007ff7de5163c .text C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefde37538 5 bytes JMP 000007ff7de519f4 .text C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefde375e8 5 bytes JMP 000007ff7de503a4 .text C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefde3790c 5 bytes JMP 000007ff7de5075c .text C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefde37ab4 5 bytes JMP 000007ff7de50b14 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007748faa0 5 bytes JMP 0000000100030600 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007748fb38 5 bytes JMP 0000000100030804 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007748fc90 5 bytes JMP 0000000100030c0c .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077490018 5 bytes JMP 0000000100030a08 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077491900 5 bytes JMP 0000000100030e10 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000774ac45a 5 bytes JMP 00000001000301f8 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000774b1217 5 bytes JMP 00000001000303fc .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007520a30a 1 byte [62] .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076b15181 5 bytes JMP 0000000100241014 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076b15254 5 bytes JMP 0000000100240804 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076b153d5 5 bytes JMP 0000000100240a08 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076b154c2 5 bytes JMP 0000000100240c0c .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076b155e2 5 bytes JMP 0000000100240e10 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076b1567c 5 bytes JMP 00000001002401f8 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076b1589f 5 bytes JMP 00000001002403fc .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076b15a22 5 bytes JMP 0000000100240600 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075acee09 5 bytes JMP 00000001002501f8 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075ad3982 5 bytes JMP 00000001002503fc .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075ad7603 5 bytes JMP 0000000100250804 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075ad835c 5 bytes JMP 0000000100250600 .text C:\Users\Kamil\Desktop\11jmc6uj.exe[4712] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075aef52b 5 bytes JMP 0000000100250a08 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2316:1988] 000007fef17c9688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3584:3832] 000007fefd8d0168 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3584:4020] 000007fefb1e2a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3584:3980] 000007fef23bd618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3584:1692] 000007fef23bd618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3584:2684] 000007fef5db5124 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 88 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 1100699 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9f20b8a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9f20b8a@74458a81b035 0xEC 0xC3 0xFB 0x21 ... Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 88 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 1100699 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9f20b8a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9f20b8a@74458a81b035 0xEC 0xC3 0xFB 0x21 ... ---- EOF - GMER 2.1 ----