Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Reply
 
Topic Tools
  #1  
Old June 5th, 2013, 02:22 PM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
Sony Laptop Freezing and going Slow

My laptop has been going very slow lately and freezing a lot. Can anyone help me try to see if it has a virus or something? It's a Sony Vaio running Windows 7 home 64 bit
Reply With Quote


  #2  
Old June 5th, 2013, 02:43 PM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 41
Posts: 5,017
Hello, SirSnoop
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Push the Quick Scan button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Reply With Quote
  #3  
Old June 5th, 2013, 03:07 PM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
OTL logfile created on: 6/5/2013 10:03:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.49% Memory free
15.90 Gb Paging File | 13.85 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.02 Gb Total Space | 546.60 Gb Free Space | 93.43% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 84.74 Mb Free Space | 84.75% Space Free | Partition Type: NTFS

Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/05 10:02:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
PRC - [2013/05/23 01:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/04 12:12:58 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe
PRC - [2013/04/23 03:48:17 | 010,244,448 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/04/23 03:48:17 | 004,171,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/23 03:40:59 | 000,193,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/01/09 00:49:06 | 000,913,429 | ---- | M] () -- C:\Users\Public\Documents\Fiverr\Backlink Speed.EXE
PRC - [2011/04/17 13:38:12 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011/04/17 11:45:14 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/04/17 11:45:06 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/03/05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/15 11:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 01:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppgoo glenaclpluginchrome.dll
MOD - [2013/05/23 01:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.d ll
MOD - [2013/05/23 01:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libgl esv2.dll
MOD - [2013/05/23 01:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libeg l.dll
MOD - [2013/05/23 01:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpe gsumo.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/09 00:49:06 | 000,913,429 | ---- | M] () -- C:\Users\Public\Documents\Fiverr\Backlink Speed.EXE


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/12/17 14:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 14:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 14:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/21 11:43:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/19 10:50:38 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011/04/17 13:38:12 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/04/17 11:45:14 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/04/17 11:45:06 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/09 04:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 04:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 04:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/11/19 10:50:38 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/18 01:45:48 | 001,591,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/04/17 13:38:34 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/04/17 12:27:04 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/04/17 12:16:14 | 001,388,592 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/17 11:45:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/21 09:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 F5 AA 8C DA 27 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.3.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_70 0_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_70 0_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122 .dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alan\AppData\Local\Facebook\Video\Skype\n pFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgo ogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npo1 d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgt po3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.1 45\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.1 45\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/28 19:15:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/24 22:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions
[2013/04/30 00:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Prof iles\c733xhzn.default\extensions
[2013/04/30 00:01:12 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Prof iles\c733xhzn.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013/05/21 23:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/21 23:00:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/28 19:15:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ }{google:originalQueryForSuggestion}{google:assist edQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instant ExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}client=chrome&q={searchTerms}&{googl e:cursorPosition}sugkey={google:suggestAPIKeyParam eter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Peppe rFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoo gleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.d ll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegiea cbdmki\8.0.7_0\
CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Alan\AppData\Local\Facebook\Update\Facebo okUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{2E010F3E-B3C9-4C67-A213-567A001C7086}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{DB48E44F-C5A0-4700-8A9C-21770438DF44}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/05 10:02:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/05/29 21:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/05/29 21:05:37 | 001,388,592 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2013/05/29 21:05:37 | 000,218,920 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2013/05/29 21:05:37 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2013/05/29 21:05:37 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2013/05/29 21:05:36 | 000,271,144 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2013/05/29 21:05:36 | 000,214,312 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2013/05/29 21:05:35 | 000,400,168 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2013/05/29 21:05:35 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2013/05/29 20:58:48 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\ElevatedDiagnostics
[2013/05/23 22:19:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/23 20:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013/05/23 10:29:41 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/05/21 11:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/21 11:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/05/21 11:40:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/05/19 20:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/19 20:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/19 20:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/19 20:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/19 20:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/16 11:32:12 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/05/13 15:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/05/12 16:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/05/12 16:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/05/12 16:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/05/12 13:10:19 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Facebook
[2013/05/12 13:07:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Skype
[2013/05/12 13:07:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/05/12 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/12 13:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/12 13:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2013/06/05 10:02:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/06/05 09:57:47 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/05 09:57:47 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/05 09:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/05 09:37:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/05 09:31:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000UA.job
[2013/06/05 09:18:19 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/05 08:08:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/05 08:08:12 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/05 07:17:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000UA.job
[2013/06/04 22:29:09 | 000,795,068 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/04 22:29:09 | 000,661,900 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/04 22:29:09 | 000,121,736 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/04 22:28:28 | 000,770,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/04 21:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000Core.job
[2013/06/04 20:51:21 | 760,858,927 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/04 13:15:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000Core.job
[2013/05/29 19:05:13 | 000,306,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/29 08:03:37 | 000,000,608 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130529_080334.reg
[2013/05/29 08:03:27 | 000,000,082 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130529_080325.reg
[2013/05/28 19:15:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/25 09:33:10 | 000,000,024 | ---- | M] () -- C:\Windows\Backlink Speed.INI
[2013/05/24 18:38:27 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/23 23:19:45 | 000,003,696 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130523_231943.reg
[2013/05/21 23:00:18 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/21 15:58:58 | 027,304,187 | ---- | M] () -- C:\Users\Alan\AppData\Local\census.cache
[2013/05/21 15:36:39 | 000,145,808 | ---- | M] () -- C:\Users\Alan\AppData\Local\ars.cache
[2013/05/21 13:23:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\igdumd32.dll
[2013/05/21 13:23:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\CRTDLL.dll
[2013/05/21 13:14:39 | 000,000,036 | ---- | M] () -- C:\Users\Alan\AppData\Local\housecall.guid.cache
[2013/05/21 11:03:48 | 000,003,594 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130521_110345.reg
[2013/05/19 20:16:57 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/17 10:02:28 | 000,008,192 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130517_100226.reg
[2013/05/13 06:55:16 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/12 13:07:48 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/12 10:13:00 | 000,010,696 | ---- | M] () -- C:\Users\Alan\Documents\cc_20130512_101257.reg
[2013/05/12 10:11:46 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/09 04:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/09 04:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/09 04:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/09 04:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/09 04:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 04:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/06/04 22:28:28 | 000,770,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/04 20:51:21 | 760,858,927 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/29 19:04:46 | 000,306,928 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/29 08:03:36 | 000,000,608 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130529_080334.reg
[2013/05/29 08:03:27 | 000,000,082 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130529_080325.reg
[2013/05/23 23:19:44 | 000,003,696 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130523_231943.reg
[2013/05/21 15:58:58 | 027,304,187 | ---- | C] () -- C:\Users\Alan\AppData\Local\census.cache
[2013/05/21 15:36:39 | 000,145,808 | ---- | C] () -- C:\Users\Alan\AppData\Local\ars.cache
[2013/05/21 13:23:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\igdumd32.dll
[2013/05/21 13:23:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\CRTDLL.dll
[2013/05/21 13:14:39 | 000,000,036 | ---- | C] () -- C:\Users\Alan\AppData\Local\housecall.guid.cache
[2013/05/21 11:03:46 | 000,003,594 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130521_110345.reg
[2013/05/19 20:16:57 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/17 10:02:27 | 000,008,192 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130517_100226.reg
[2013/05/12 13:10:20 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000UA.job
[2013/05/12 13:10:20 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000Core.job
[2013/05/12 13:07:48 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/12 10:12:59 | 000,010,696 | ---- | C] () -- C:\Users\Alan\Documents\cc_20130512_101257.reg
[2013/05/09 18:15:37 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000UA.job
[2013/05/09 18:15:36 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2739675972-2437999942-4150982948-1000Core.job
[2013/03/14 21:54:32 | 000,000,024 | ---- | C] () -- C:\Windows\Backlink Speed.INI
[2013/03/14 12:39:55 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/03/14 12:39:54 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/03/14 12:39:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/15 17:40:45 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\IBP
[2013/04/03 22:28:17 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Samsung
[2013/05/11 14:09:26 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Spotify
[2013/06/03 14:40:34 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\TeamViewer

========== Purity Check ==========



< End of report >
Reply With Quote
  #4  
Old June 5th, 2013, 03:08 PM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
OTL Extras logfile created on: 6/5/2013 10:03:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.49% Memory free
15.90 Gb Paging File | 13.85 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.02 Gb Total Space | 546.60 Gb Free Space | 93.43% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 84.74 Mb Free Space | 84.75% Space Free | Partition Type: NTFS

Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{0C816934-4205-4992-8186-107F20124ADD}" = rport=137 | protocol=17 | dir=out | app=system |
"{0C9B2798-4EDA-4D8D-8BA1-6370D5AADB85}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0DB6D6C1-ABEE-491C-8727-C5730536C002}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20F0CE1F-8848-4E11-B13C-FE394C56FCB4}" = lport=138 | protocol=17 | dir=in | app=system |
"{26BF0E16-0ECE-4BBE-8850-7DF533E1D33B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2FA098BA-89C9-4B00-B595-E87C7DAC1F0C}" = rport=445 | protocol=6 | dir=out | app=system |
"{4BB30F2D-263C-4349-8007-05934BA0A721}" = lport=445 | protocol=6 | dir=in | app=system |
"{4DE65BE9-0F24-48E4-8DD8-68AF8E5B7191}" = lport=2869 | protocol=6 | dir=in | app=system |
"{515165CB-1BED-4906-9296-3D10E65AE9EB}" = rport=138 | protocol=17 | dir=out | app=system |
"{5C26902F-456F-430F-B1CD-24CF1F91BF5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{611EC525-A703-43C5-A109-73BFF7118AA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7909DE43-7ADE-4CCD-B0AA-B78057258805}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4E905FF-492B-4DF5-9623-A13A9D1AE863}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB4E3432-4AB6-4E3E-A3A9-C084BC6785BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF492BA3-B261-4E80-BBAE-BF82455D1CFE}" = lport=139 | protocol=6 | dir=in | app=system |
"{B19688D2-DD0E-420C-92AA-D9C9649C9C30}" = rport=139 | protocol=6 | dir=out | app=system |
"{C6D0DA57-D639-4CF0-93BC-5860D611E17D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE177533-C0CB-4D38-872A-9E5ED36CCB39}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E3AD8AFE-9550-4618-810B-A2A2B3B72165}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAD5984A-1DD3-4E38-93A9-6BE5D9A58CA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5DEBCD4-731A-4428-89B2-DDAA9D7E4071}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F71487AC-5D4E-45BE-9E31-5D4A00E9F3CC}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{0513AD2E-B210-4D1C-925D-05C5B1A8C8C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{08487676-4640-42AC-8CF6-0455490AA443}" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify. exe |
"{1277C5F2-9389-4522-A09C-BF1BD69DE57C}" = dir=in | app=c:\users\alan\appdata\local\facebook\video\sky pe\facebookvideocalling.exe |
"{220E6A62-D52D-4DCC-AEA7-B22DB7013615}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{32E8BF64-F436-4751-8F0F-9AD854C7FBAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33D3A882-15B1-40AF-A56E-A8CEF8DF0EFF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{34741D98-6F18-43CA-9121-B14D2ECD9379}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify. exe |
"{36429F05-52B6-4C68-9629-8E28BF829564}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3AE52969-CDD8-4308-A039-3B973FED1AAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DCFED61-A150-433B-9A69-6983DA08A960}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3E28FD0D-14F3-4466-BFE6-D5D855007064}" = protocol=17 | dir=in | app=c:\users\alan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{42619A45-10A6-436D-98C1-A446EC12360B}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify. exe |
"{4B227E8E-2C3B-4654-89BB-BB78481FF60F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{63981D31-B187-4C25-9322-8B116D21552B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63FB433C-A423-44B0-A1FE-62FCAF4BD08D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6479A286-032F-4FF4-AFC9-159F73AA1CD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BCB7067-B7D0-4E8F-8274-C0B127D4D71A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{72DCF63E-8AE7-4AE0-AD24-580A57D62D60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74E35363-3205-40CB-92C1-27D786C148A1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{75C3851E-F5AC-413A-9337-795DDF6D7939}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{7AA13238-4A68-4EAE-A76D-1BBFF7A20586}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{826992D9-2520-4E08-9219-2C716E6573B2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{8D7A91BF-7C76-4217-96CD-0506C1E63833}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{913DE6A2-6BA0-48EC-83D4-24A169E4032C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94B38D21-B646-4625-BFDE-E3A6D0438AFE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94F92F06-79F0-44B0-A4B3-00E4D67DB276}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A01EC770-DCF3-4A9C-8D8B-69FDA169A540}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A2DE5DF9-0066-4956-9BB4-3E050527BAA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A4BD904F-2904-4A46-B4C0-54C1E608415D}" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify. exe |
"{A7643E1E-F707-42B6-9078-13897DFE3B64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8DF026A-4E25-45B2-83C1-8ECC0606CA48}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A906998E-0DB0-4161-85CA-ABD59E46E711}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3952BB-A75F-48C1-B9E7-399BE37206D2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{AB656C5D-913B-4BB1-A161-F78B81BE36CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1225E7E-C52E-4888-AEC4-97C673639CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{B3BD38D9-F510-4439-9AAA-E723A45C8AE8}" = protocol=6 | dir=out | app=system |
"{B85251C6-D04D-47A9-88BF-67232C17A7E9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{B999EA4F-68C2-49CB-99FB-8254E6988E44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C35CDF42-581B-41F9-BB8E-F8D5E4236BB0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C3D8D936-5B1C-4A46-9381-580775451FC0}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{D7A6014C-DBF1-463B-B9E3-CC6AA5886F93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E3C17ADB-E8DA-4E87-8A2A-100DBB7B743E}" = protocol=6 | dir=in | app=c:\users\alan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{EC895452-442D-4119-AA4B-46430C7435A2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EE866F53-54EB-46B0-B1FE-1FA9067F06B8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBC0353C-CAFA-4648-91BC-9299774A80E8}" = Mp3 Song Plays Increaser
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE8974B4-479C-4DBA-8544-9E5342ABB26A}" = Keyboard Shortcuts
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"HMA! Pro VPN" = HMA! Pro VPN 2.7.1.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.94
"STANDARDR" = Microsoft Office Standard 2007
"TeamViewer 8" = TeamViewer 8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/5/2013 7:07:52 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27561243

Error - 6/5/2013 7:07:53 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/5/2013 7:07:53 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 27562257

Error - 6/5/2013 7:07:53 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27562257

Error - 6/5/2013 7:07:54 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/5/2013 7:07:54 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 27563442

Error - 6/5/2013 7:07:54 AM | Computer Name = Alan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27563442

Error - 6/5/2013 7:56:04 AM | Computer Name = Alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/5/2013 8:07:18 AM | Computer Name = Alan-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/5/2013 8:08:59 AM | Computer Name = Alan-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >
Reply With Quote
  #5  
Old June 5th, 2013, 04:12 PM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 41
Posts: 5,017
Quote:
Error - 6/5/2013 9:16:56 AM | Computer Name = Alan-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Hm, no so good.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
Reply With Quote
  #6  
Old June 6th, 2013, 02:07 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-05 21:03:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK6465GSXN rev.GB001H 596.17GB
Running: o038jgxc.exe; Driver: C:\Users\Alan\AppData\Local\Temp\kxldrpog.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 000000014a020470
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 000000014a020460
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 000000014a020370
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 000000014a020480
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000014a0203e0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 000000014a020320
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 000000014a0203b0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 000000014a020390
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 000000014a0202e0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 000000014a020440
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 000000014a0202d0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 000000014a020310
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 000000014a0203c0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 000000014a0203f0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 000000014a020230
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0xffffffffd31ce890}
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 000000014a020490
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 000000014a0203a0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 000000014a0202f0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 000000014a020350
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 000000014a020290
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 000000014a0202b0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 000000014a0203d0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 000000014a020330
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0xffffffffd31ce590}
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 000000014a020410
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 000000014a020240
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 000000014a0201e0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 000000014a020250
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0xffffffffd31ce090}
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 000000014a0204a0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 000000014a0204b0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 000000014a020300
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 000000014a020360
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 000000014a0202a0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 000000014a0202c0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 000000014a020380
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 000000014a020340
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 000000014a020450
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 000000014a020260
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 000000014a020270
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 000000014a020400
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 000000014a0201f0
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 000000014a020210
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 000000014a020200
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 000000014a020420
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 000000014a020430
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 000000014a020220
.text C:\Windows\system32\csrss.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 000000014a020280
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 000000014a020470
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 000000014a020460
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 000000014a020370
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 000000014a020480
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000014a0203e0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 000000014a020320
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 000000014a0203b0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 000000014a020390
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 000000014a0202e0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 000000014a020440
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 000000014a0202d0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 000000014a020310
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 000000014a0203c0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 000000014a0203f0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 000000014a020230
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0xffffffffd31ce890}
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 000000014a020490
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 000000014a0203a0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 000000014a0202f0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 000000014a020350
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 000000014a020290
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 000000014a0202b0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 000000014a0203d0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 000000014a020330
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0xffffffffd31ce590}
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 000000014a020410
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 000000014a020240
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 000000014a0201e0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 000000014a020250
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0xffffffffd31ce090}
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 000000014a0204a0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 000000014a0204b0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 000000014a020300
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 000000014a020360
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 000000014a0202a0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 000000014a0202c0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 000000014a020380
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 000000014a020340
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 000000014a020450
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 000000014a020260
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 000000014a020270
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 000000014a020400
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 000000014a0201f0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 000000014a020210
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 000000014a020200
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 000000014a020420
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 000000014a020430
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 000000014a020220
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 000000014a020280
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
Reply With Quote
  #7  
Old June 6th, 2013, 02:07 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\wininit.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\wininit.exe[480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\winlogon.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000100070470
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000100070460
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000100070370
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000100070480
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000100070320
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000100070390
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000100070440
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000100070310
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000100070230
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0xffffffff8921e890}
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000100070490
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000100070350
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000100070290
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000100070330
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0xffffffff8921e590}
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000100070410
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000100070240
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000100070250
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0xffffffff8921e090}
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000100070300
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000100070360
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000100070380
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000100070340
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000100070450
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000100070260
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000100070270
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000100070400
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000100070210
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000100070200
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000100070420
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000100070430
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000100070220
.text C:\Windows\system32\services.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000100070280
.text C:\Windows\system32\services.exe[576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
Reply With Quote
  #8  
Old June 6th, 2013, 02:08 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000100070470
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000100070460
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000100070370
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000100070480
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000100070320
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000100070390
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000100070440
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000100070310
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000100070230
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0xffffffff8921e890}
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000100070490
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000100070350
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000100070290
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000100070330
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0xffffffff8921e590}
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000100070410
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000100070240
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000100070250
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0xffffffff8921e090}
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000100070300
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000100070360
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000100070380
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000100070340
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000100070450
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000100070260
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000100070270
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000100070400
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000100070210
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000100070200
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000100070420
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000100070430
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000100070220
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\svchost.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
Reply With Quote
  #9  
Old June 6th, 2013, 02:09 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\System32\svchost.exe[880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\System32\svchost.exe[912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\System32\svchost.exe[912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0xffffffff8921e890}
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0xffffffff8921e590}
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0xffffffff8921e090}
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0xffffffff8921e890}
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0xffffffff8921e590}
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0xffffffff8921e090}
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0xffffffff8921e890}
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000100070330
Reply With Quote
  #10  
Old June 6th, 2013, 02:09 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0xffffffff8921e590}
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0xffffffff8921e090}
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\WLANExt.exe[1180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\System32\spoolsv.exe[1412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\svchost.exe[1456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1560] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
Reply With Quote
  #11  
Old June 6th, 2013, 02:10 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Program Files\Bonjour\mDNSResponder.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[1752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[1012] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1132] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1520] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075391465 2 bytes [39, 75]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753914bb 2 bytes [39, 75]
.text ... * 2
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001000f01f8
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001000f03fc
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 00000001000f0804
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 00000001000f0600
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 00000001000f0a08
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 0000000100101014
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 0000000100100804
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 0000000100100a08
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 0000000100100c0c
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 0000000100100e10
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001001001f8
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001001003fc
.text C:\Windows\SysWOW64\DllHost.exe[2380] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 0000000100100600
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\system32\wbem\unsecapp.exe[2652] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010022075c
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001002203a4
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100220b14
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100220ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010022163c
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100221284
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001002219f4
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\system32\wbem\wmiprvse.exe[2828] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001000d01f8
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001000d03fc
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 00000001000d0804
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 00000001000d0600
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 00000001000d0a08
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 00000001000e1014
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 00000001000e0804
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 00000001000e0a08
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 00000001000e0c0c
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 00000001000e0e10
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001000e01f8
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001000e03fc
.text C:\Windows\SysWOW64\DllHost.exe[2536] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 00000001000e0600
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 00000001001a075c
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001001a03a4
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 00000001001a0b14
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 00000001001a0ecc
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001001a163c
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 00000001001a1284
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
Reply With Quote
  #12  
Old June 6th, 2013, 02:11 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001001a19f4
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 00000001001d1014
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 00000001001d0804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 00000001001d0a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 00000001001d0c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 00000001001d0e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001001d01f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001001d03fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 00000001001d0600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001001e01f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001001e03fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 00000001001e0804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 00000001001e0600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3700] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 00000001001e0a08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3860] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010026075c
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001002603a4
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100260b14
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100260ecc
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010026163c
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100261284
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001002619f4
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\system32\SearchIndexer.exe[4036] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 0000000100241014
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 0000000100240c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 0000000100240e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2796] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 0000000100250a08
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\system32\USER32.dll!UnhookWinEvent 0000000076be8550 5 bytes JMP 00000001002e075c
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 0000000076bed440 5 bytes JMP 00000001002e1284
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076bef874 5 bytes JMP 00000001002e0ecc
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000076bf4d4c 5 bytes JMP 00000001002e03a4
.text C:\Windows\System32\svchost.exe[1436] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076c08c20 5 bytes JMP 00000001002e0b14
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010039075c
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001003903a4
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100390b14
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100390ecc
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010039163c
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100391284
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001003919f4
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\system32\taskhost.exe[3300] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010030075c
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001003003a4
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100300b14
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100300ecc
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010030163c
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100301284
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
Reply With Quote
  #13  
Old June 6th, 2013, 02:11 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001003019f4
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\Dwm.exe[2520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010010075c
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001001003a4
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100100b14
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100100ecc
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010010163c
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100101284
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001001019f4
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\Explorer.EXE[3972] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\Explorer.EXE[3972] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010047075c
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001004703a4
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100470b14
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100470ecc
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010047163c
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100471284
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001004719f4
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\System32\igfxpers.exe[2980] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010032075c
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001003203a4
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100320b14
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100320ecc
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010032163c
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100321284
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001003219f4
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2336] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 00000001000a1014
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 00000001000a0804
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 00000001000a0a08
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 00000001000a0c0c
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 00000001000a0e10
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001000a01f8
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001000a03fc
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 00000001000a0600
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001000b01f8
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001000b03fc
Reply With Quote
  #14  
Old June 6th, 2013, 02:12 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 00000001000b0804
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 00000001000b0600
.text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3684] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 00000001000b0a08
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010044075c
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001004403a4
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100440b14
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100440ecc
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010044163c
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100441284
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001004419f4
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\System32\igfxtray.exe[2932] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010021075c
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001002103a4
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100210b14
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100210ecc
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010021163c
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100211284
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001002119f4
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\System32\hkcmd.exe[3488] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 00000001002f075c
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001002f03a4
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 00000001002f0b14
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 00000001002f0ecc
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001002f163c
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 00000001002f1284
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001002f19f4
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 00000001003a075c
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001003a03a4
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 00000001003a0b14
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 00000001003a0ecc
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001003a163c
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 00000001003a1284
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001003a19f4
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent 64.exe[1108] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010025075c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001002503a4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100250b14
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100250ecc
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010025163c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100251284
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
Reply With Quote
  #15  
Old June 6th, 2013, 02:12 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 34
Posts: 566
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001002519f4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3368] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001001401f8
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001001403fc
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 0000000100140804
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 0000000100140600
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 0000000100140a08
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 0000000100151014
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 0000000100150804
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 0000000100150a08
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 0000000100150c0c
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 0000000100150e10
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001001501f8
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001001503fc
.text C:\Users\Alan\AppData\Roaming\Spotify\Data\Spotify WebHelper.exe[3260] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 0000000100150600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010024075c
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001002403a4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100240b14
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100240ecc
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010024163c
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100241284
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001002419f4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSe curity 000007fefe5a6e00 5 bytes JMP 000007ff7e5c1dac
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gA 000007fefe5a6f2c 5 bytes JMP 000007ff7e5c0ecc
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi gW 000007fefe5a7220 5 bytes JMP 000007ff7e5c1284
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2A 000007fefe5a739c 5 bytes JMP 000007ff7e5c163c
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfi g2W 000007fefe5a7538 5 bytes JMP 000007ff7e5c19f4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe5a75e8 5 bytes JMP 000007ff7e5c03a4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe5a790c 5 bytes JMP 000007ff7e5c075c
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[676] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe5a7ab4 5 bytes JMP 000007ff7e5c0b14
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001002601f8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001002603fc
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 0000000100260804
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 0000000100260600
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4292] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 0000000100260a08
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100060600
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100060804
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100060c0c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100060a08
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100060e10
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000601f8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000603fc
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 00000001000d1014
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 00000001000d0804
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 00000001000d0a08
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 00000001000d0c0c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 00000001000d0e10
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001000d01f8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001000d03fc
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 00000001000d0600
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001001901f8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001001903fc
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 0000000100190804
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 0000000100190600
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4300] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 0000000100190a08
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMem ory 0000000076fffaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076fffb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fffc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemo ry 0000000077000018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077001900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077021217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074bda30a 1 byte [62]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSe curity 00000000751a5181 5 bytes JMP 0000000100151014
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gA 00000000751a5254 5 bytes JMP 0000000100150804
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi gW 00000000751a53d5 5 bytes JMP 0000000100150a08
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2A 00000000751a54c2 5 bytes JMP 0000000100150c0c
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfi g2W 00000000751a55e2 5 bytes JMP 0000000100150e10
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000751a567c 5 bytes JMP 00000001001501f8
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000751a589f 5 bytes JMP 00000001001503fc
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000751a5a22 5 bytes JMP 0000000100150600
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074abee09 5 bytes JMP 00000001001601f8
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000074ac3982 5 bytes JMP 00000001001603fc
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074ac7603 5 bytes JMP 0000000100160804
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074ac835c 5 bytes JMP 0000000100160600
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4384] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000074adf52b 5 bytes JMP 0000000100160a08
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e23ae0 5 bytes JMP 000000010012075c
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076e27a90 5 bytes JMP 00000001001203a4
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMem ory 0000000076e51490 5 bytes JMP 0000000100120b14
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076e514f0 5 bytes JMP 0000000100120ecc
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 000000010012163c
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemo ry 0000000076e51810 5 bytes JMP 0000000100121284
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 00000001001219f4
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Program Files\iPod\bin\iPodService.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 0000000076e52a10 5 bytes JMP 0000000076fb0210
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 06:37 AM.