
"Problem loading page - Connection Reset?"



#1
Jaunce

  • Member
  • 28 posts
I'm getting this error constantly and I have a feeling it's not some sort of network problem since the other computer users in my household aren't getting this problem at all.

Posted Image

I will reload the page as prompted, and usually it will load incorrectly again, displaying the error once more. In that case I will usually continue trying to reload it which will lead to one of the following:

It will often load the page but display images as blanks like this: Posted Image

and also display ads and such with the error again, or on YouTube with the error as well.

Or it will load like this: Posted Image


Could I have some help, please?


#2
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello Jaunce, let's take a look.


If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When RogueKiller finishes its opening scan, press the Scan button.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.


A lot, but comprehensive, and will make sure we get a good view of everything.

#3
Jaunce

  • Topic Starter
  • Member
  • 28 posts
Thank you so much, Jintan! I appreciate your help. I'm working on the logs and stuff now, so I'll post them ASAP! :)

#4
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Post when ready.

#5
Jaunce

  • Topic Starter
  • Member
  • 28 posts
Okay, I don't know what's wrong now but every time I try posting one of the logs it comes up with an error message on here. I can't remember it exactly but it's something like I don't have permission to post here. o-O

I have no clue what's happening.

...Okay I take that back. Just posted the OTL log. Stupid spazzy laptop... Sorry that took so long. -_-' I'll post the others asap.

But also I might as well say I had to run the OTL scan twice because the first time I was stupid and left a bunch of programs open, and forgot to run as administrator. So there you go. :)

Edited by Jaunce, 17 May 2013 - 06:02 PM.


#6
Jaunce

  • Topic Starter
  • Member
  • 28 posts
OTL logfile created on: 5/15/2013 8:56:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brianna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 61.24% Memory free
7.68 Gb Paging File | 5.54 Gb Available in Paging File | 72.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.99 Gb Total Space | 216.52 Gb Free Space | 77.33% Space Free | Partition Type: NTFS

Computer Name: BRIANNA-PC | User Name: Brianna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/15 20:40:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brianna\Desktop\OTL.exe
PRC - [2013/05/12 20:10:24 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/02/28 02:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/02/28 02:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/26 00:18:01 | 000,225,792 | ---- | M] () -- c:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/16 03:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2012/10/08 17:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/03/02 01:59:26 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/03/02 01:59:24 | 001,106,512 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/03/02 01:59:24 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/03/02 01:59:24 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012/02/29 07:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/02/07 20:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/07 20:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 20:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/02/01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 15:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/08/04 15:44:24 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/02/07 10:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/26 00:18:01 | 000,225,792 | ---- | M] () -- c:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/16 03:39:02 | 000,060,504 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll
MOD - [2012/10/16 03:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2012/01/05 15:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/28 02:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/11/14 15:45:32 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2012/02/07 18:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/02/02 23:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/10 00:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/25 22:21:14 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/02 01:59:24 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/02/29 07:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/02/19 22:18:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/07 20:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 20:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 20:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/18 05:33:22 | 000,111,776 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe -- (DCDhcpService)
SRV - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/06/21 13:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/02/07 10:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/28 02:36:34 | 000,177,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/02/28 02:36:34 | 000,068,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/02/28 02:36:33 | 001,025,880 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/02/28 02:36:33 | 000,377,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/02/28 02:36:33 | 000,071,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/02/28 02:36:33 | 000,065,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/02/28 02:36:32 | 000,080,888 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/02/28 02:36:31 | 000,033,472 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/12 10:54:54 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/10/12 10:20:38 | 000,081,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/10/12 10:20:38 | 000,013,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/26 15:55:32 | 000,054,200 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys -- (usbio)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/13 04:26:39 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/03/13 04:26:39 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/03/13 04:26:39 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012/03/07 07:48:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/14 12:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/09 19:12:08 | 000,078,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2012/02/07 00:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2012/02/07 00:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2012/02/01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/19 01:30:42 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012/01/10 22:38:28 | 002,801,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/06 05:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/10 03:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/04 11:21:38 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/11/04 11:21:36 | 000,068,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/09/02 15:36:58 | 000,051,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/07/13 23:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 23:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-511263159-169576973-894043186-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-511263159-169576973-894043186-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-511263159-169576973-894043186-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-511263159-169576973-894043186-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-511263159-169576973-894043186-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1482
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brianna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/02 12:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 14:26:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/14 14:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Extensions
[2013/05/05 11:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\8cx51bc1.default\extensions
[2013/05/05 11:37:27 | 000,019,910 | ---- | M] () (No name found) -- C:\Users\Brianna\AppData\Roaming\Mozilla\Firefox\Profiles\8cx51bc1.default\extensions\[email protected]
[2013/04/14 14:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/02 12:31:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/04/10 00:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/10 00:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/10 00:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - Extension: Docs = C:\Users\Brianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Brianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Brianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Brianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Brianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\
CHR - Extension: Somoto = C:\Users\Brianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbicckmeogemnamjhgbfbhelblnkjlp\10.14.40.128_0\
CHR - Extension: Gmail = C:\Users\Brianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/27 09:34:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-511263159-169576973-894043186-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2380E0C2-6E18-4E96-8622-95876B66597C}: DhcpNameServer = 150.200.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0907FB4-2F69-4C1F-A1FF-E1CFF2085286}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/15 20:40:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brianna\Desktop\OTL.exe
[2013/05/14 17:28:37 | 000,000,000 | ---D | C] -- C:\Users\Brianna\Documents\Poetry
[2013/05/14 17:27:35 | 000,000,000 | ---D | C] -- C:\Users\Brianna\Documents\Other
[2013/05/14 17:26:12 | 000,000,000 | ---D | C] -- C:\Users\Brianna\Documents\Original Works
[2013/05/14 17:23:13 | 000,000,000 | ---D | C] -- C:\Users\Brianna\Documents\Buiseness
[2013/05/14 17:22:28 | 000,000,000 | ---D | C] -- C:\Users\Brianna\Documents\Musicals
[2013/05/14 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\Brianna\Documents\365 Project
[2013/05/14 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Brianna\Documents\Character Sheets
[2013/05/14 17:20:59 | 000,000,000 | ---D | C] -- C:\Users\Brianna\Documents\Fanfiction
[2013/05/14 17:16:04 | 000,000,000 | ---D | C] -- C:\Users\Brianna\Documents\School Work
[2013/05/13 16:49:27 | 000,000,000 | ---D | C] -- C:\Users\Brianna\Desktop\IDLA
[2013/05/12 09:11:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/27 19:28:41 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/04/27 19:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/04/27 19:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay DSi Code Manager
[2013/04/27 19:27:00 | 000,054,200 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys
[2013/04/27 19:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Datel
[2013/04/27 19:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/04/25 15:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/04/22 21:30:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/04/20 09:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/04/20 09:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/20 09:20:51 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/04/20 09:20:50 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/04/20 09:20:50 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/04/20 09:20:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/04/20 09:20:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/04/20 09:20:42 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/04/20 09:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/02 11:51:00 | 000,642,352 | ---- | C] (Unity Technologies ApS) -- C:\Program Files\UnityWebPlayer.exe

========== Files - Modified Within 30 Days ==========

[2013/05/15 20:40:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brianna\Desktop\OTL.exe
[2013/05/15 20:15:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/15 20:15:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/15 18:49:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/12 11:54:25 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 11:54:25 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/04 08:33:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/27 19:27:01 | 000,001,342 | ---- | M] () -- C:\Users\Brianna\Desktop\Action Replay DSi Code Manager.lnk
[2013/04/25 17:04:49 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/25 17:04:49 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/25 17:04:49 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/25 16:59:38 | 000,440,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/25 16:59:16 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/20 09:20:27 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/04/20 09:20:24 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/04/20 09:20:24 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/04/20 09:20:24 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/04/20 09:20:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/04/20 09:20:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/04/20 09:17:55 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

========== Files Created - No Company Name ==========

[2013/04/27 19:27:01 | 000,001,342 | ---- | C] () -- C:\Users\Brianna\Desktop\Action Replay DSi Code Manager.lnk
[2013/04/20 09:17:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/20 09:17:55 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/29 13:46:48 | 000,004,510 | ---- | C] () -- C:\Users\Brianna\AppData\Roaming\CamStudio.cfg
[2013/03/29 13:46:48 | 000,000,408 | ---- | C] () -- C:\Users\Brianna\AppData\Roaming\CamShapes.ini
[2013/03/29 13:46:48 | 000,000,408 | ---- | C] () -- C:\Users\Brianna\AppData\Roaming\CamLayout.ini
[2013/03/29 13:46:48 | 000,000,046 | ---- | C] () -- C:\Users\Brianna\AppData\Roaming\Camdata.ini
[2013/03/28 16:27:01 | 000,003,584 | ---- | C] () -- C:\Users\Brianna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 04:46:10 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/13 04:46:07 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/13 04:46:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/13 04:46:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/13 04:46:00 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#7
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
What about the Gmer, RogueKiller and OTL's second Extras.Txt log?

#8
Jaunce

    Member

  • Topic Starter
  • Member
  • 28 posts
OTL didn't make a second Extras.txt. Do you want to see the first one?

I have the GMER log here... almost got the RogueKiller one. But I just noticed that my antivirus, which is avast, won't turn its shields back on. I disabled them for the scans... and now whenever I click "enable all shields" nothing happens. :/

Anyway, the log:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-17 18:14:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298.09GB
Running: 31t90yg6.exe; Driver: C:\Users\Brianna\AppData\Local\Temp\pgliyfow.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000001000703d0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000100070330
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0xffffffff88bce590}
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000100070410
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000100070240
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000001000701e0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000100070250
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0xffffffff88bce090}
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000001000704a0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000001000704b0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000100070300
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000100070360
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000001000702a0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000001000702c0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000100070380
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000100070340
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000100070450
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000100070260
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000100070270
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000100070400
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000001000701f0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000100070210
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000100070200
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000100070420
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000100070430
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000100070220
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000100070280
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1724] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1300] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\Explorer.EXE[1812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[2592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[2196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[2908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files\Elantech\ETDCtrl.exe[3108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Users\Brianna\Desktop\31t90yg6.exe[6124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]

---- Threads - GMER 2.1 ----

Thread [680:836] 000000007746aec0
Thread [680:972] 000000007746fbc0
Thread [680:976] 000000007746fbc0
Thread [680:980] 000000007746fbc0
Thread [680:984] 000000007746fbc0
Thread [680:988] 000000007746fbc0
Thread [680:1000] 000000007746fbc0
Thread [680:1464] 000000007746fbc0
Thread [680:4332] 000000007746fbc0
Thread [680:1416] 000000007746fbc0
Thread C:\Windows\system32\WLANExt.exe [1364:1452] 00000000003d86e4
Thread C:\Windows\system32\WLANExt.exe [1364:1456] 00000000003d86e4
Thread C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [1844:1820] 0000000077683e45
Thread C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [1844:1876] 0000000076767587
Thread C:\Windows\System32\svchost.exe [5736:3224] 000007fef78b9688

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\[email protected] aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk [email protected] 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk [email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\[email protected] aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt [email protected] 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt [email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\[email protected]
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\[email protected] nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\[email protected] 14
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\[email protected] 6239603
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\[email protected] \Device\Harddisk0\Partition3\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\[email protected] aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx [email protected] 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx [email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\[email protected] \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\[email protected] \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\[email protected] \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\[email protected] \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\[email protected] \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\[email protected] \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 3
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! [email protected] Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\[email protected] aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk [email protected] 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk [email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\[email protected] aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt [email protected] 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt [email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\[email protected]
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\[email protected] nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\[email protected] 14
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\[email protected] 6239603
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\[email protected] \Device\Harddisk0\Partition3\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\[email protected] aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx [email protected] 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx [email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\[email protected] \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\[email protected] \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] aswSP
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\[email protected] \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\[email protected] \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\[email protected] \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\[email protected] \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 10
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 3
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\[email protected] avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! [email protected] Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

---- EOF - GMER 2.1 ----

#9
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
The Gmer log is mostly Avast. For now, please just leave Avast disabled, and run and post the RogueKiller log please.

#10
Jaunce

    Member

  • Topic Starter
  • Member
  • 28 posts
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brianna [Admin rights]
Mode : Scan -- Date : 05/17/2013 18:21:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-22JJ5T0 +++++
--- User ---
[MBR] b02e5e7d3fd580f6f0dcaf1f598c91df
[BSP] d72116f591f0ea99e990336d841a63ff : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 286711 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05172013_02d1821.txt >>



It apparently detected some stuff, and when I try to close it it warns me not to because I haven't deleted anything... Is it alright to close it? I mean, would it hurt anything?

Edited by Jaunce, 17 May 2013 - 06:27 PM.

#11
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Yes, that's okay. And it also didn't locate anything of importance.

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

#12
Jaunce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
clear.fi SDK - MVP 2
clear.fi SDK- Movie 2
2007 Microsoft Office system
Acer Backup Manager
Acer Crystal Eye Webcam
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Inspiration Browser
Adobe Reader XI (11.0.02)
Agatha Christie - Death on the Nile
Apple Application Support
Apple Software Update
Autodesk SketchBook Express 2011 sp2
avast! Free Antivirus
Backup Manager V3
Bamboo Dock
Bamboo Dock
Bamboo Dock
Bejeweled 3
Canon Easy-PhotoPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3100 series On-screen Manual
Canon MG3100 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Chronicles of Albian
Chuzzle Deluxe
clear.fi Media
clear.fi Photo
Color Efex Pro 3.0 Wacom Edition 3
Cradle of Rome 2
CyberLink MediaEspresso
CyberLink MediaEspresso
D3DX10
Dora's World Adventure
FATE

..My goodness. Dora's World Adventure? I had no clue most of these were on my computer. -_-' I hope it's just bloatware that came with my laptop. :P

Edited by Jaunce, 17 May 2013 - 06:52 PM.


#13
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
The rest of the list?

#14
Jaunce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
... I can't even copy and paste correctly. Sheesh. :P Sorry! This must be frustrating for you.

clear.fi SDK - MVP 2
clear.fi SDK- Movie 2
2007 Microsoft Office system
Acer Backup Manager
Acer Crystal Eye Webcam
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Inspiration Browser
Adobe Reader XI (11.0.02)
Agatha Christie - Death on the Nile
Apple Application Support
Apple Software Update
Autodesk SketchBook Express 2011 sp2
avast! Free Antivirus
Backup Manager V3
Bamboo Dock
Bamboo Dock
Bamboo Dock
Bejeweled 3
Canon Easy-PhotoPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3100 series On-screen Manual
Canon MG3100 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Chronicles of Albian
Chuzzle Deluxe
clear.fi Media
clear.fi Photo
Color Efex Pro 3.0 Wacom Edition 3
Cradle of Rome 2
CyberLink MediaEspresso
CyberLink MediaEspresso
D3DX10
Dora's World Adventure
FATE
Final Drive: Nitro
Galería fotográfica de Windows Live
Galerie de photos Windows Live
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Identity Card
Intel® Control Center
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
InterActual Player
Java 7 Update 21
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
Junk Mail filter update
Lagarith lossless video codec (Remove Only)
Launch Manager
Macromedia Flash MX
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 Parser and SDK
MyWinLocker 4
MyWinLocker Suite
MyWinLocker Suite
newsXpresso
newsXpresso
Norton Online Backup
NTI Media Maker 9
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Qualcomm Atheros Direct Connect
Qualcomm Atheros WiFi Driver Installation
QuickTime Alternative 3.2.2
Realtek High Definition Audio Driver
RPG MAKER VX Ace RTP
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shredder
Skype™ 6.3
Torchlight
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
WebTablet FB Plugin 32 bit
WebTablet IE Plugin
WebTablet Netscape Plugin
Welcome Center
WildTangent Games App
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Youtube Downloader HD v. 2.9.6
Zuma's Revenge
  • 0

#15
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Clean enough. Open Firefox - Tools - Add-ons. Click Plugins, click "Check to see if your plugins are up to date". Then follow any prompts to update your plugins. Restart Firefox, and check for changes.
  • 0





