OTL didn't make a second Extras.txt. Do you want to see the first one?
I have the GMER log here... almost got the roguekiller one. But I just noticed that my antivirus, which is avast, won't turn its shields back on. I disabled them for the scans... and now whenever I click "enable all shields" nothing happens. :/
Anyway, the log:
GMER 2.1.19163 -
http://www.gmer.net
Rootkit scan 2013-05-17 18:14:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298.09GB
Running: 31t90yg6.exe; Driver: C:\Users\Brianna\AppData\Local\Temp\pgliyfow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\System32\svchost.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\System32\svchost.exe[504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[1180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000100070470
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000100070460
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000100070370
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000100070480
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000001000703e0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000100070320
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000001000703b0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000100070390
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000001000702e0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000100070440
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000001000702d0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000100070310
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000001000703c0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000001000703f0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000100070230
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0xffffffff88bce890}
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000100070490
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000001000703a0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000001000702f0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000100070350
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000100070290
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000001000702b0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000001000703d0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000100070330
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0xffffffff88bce590}
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000100070410
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000100070240
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000001000701e0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000100070250
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0xffffffff88bce090}
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000001000704a0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000001000704b0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000100070300
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000100070360
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000001000702a0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000001000702c0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000100070380
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000100070340
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000100070450
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000100070260
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000100070270
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000100070400
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000001000701f0
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000100070210
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000100070200
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000100070420
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000100070430
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000100070220
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000100070280
.text C:\Windows\System32\spoolsv.exe[1548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe[1724] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1300] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\Explorer.EXE[1812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\Explorer.EXE[1812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\taskhost.exe[2160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[2592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[2196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[2908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files\Elantech\ETDCtrl.exe[3108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\SearchIndexer.exe[3896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[3948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3980] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\splwow64.exe[1128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\splwow64.exe[1128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE[4324] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000100070470
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000100070460
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000100070370
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000100070480
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000001000703e0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000100070320
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000001000703b0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000100070390
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000001000702e0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000100070440
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000001000702d0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000100070310
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000001000703c0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000001000703f0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000100070230
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0xffffffff88bce890}
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000100070490
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000001000703a0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000001000702f0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000100070350
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000100070290
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000001000702b0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000001000703d0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000100070330
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0xffffffff88bce590}
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000100070410
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000100070240
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000001000701e0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000100070250
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0xffffffff88bce090}
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000001000704a0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000001000704b0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000100070300
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000100070360
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000001000702a0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000001000702c0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000100070380
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000100070340
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000100070450
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000100070260
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000100070270
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000100070400
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000001000701f0
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000100070210
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000100070200
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000100070420
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000100070430
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000100070220
.text C:\Windows\System32\svchost.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000100070280
.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[5640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\System32\svchost.exe[5736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Program Files\Acer\Acer Updater\alu.exe[3188] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000774a13c0 5 bytes JMP 0000000077600470
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000774a1410 5 bytes JMP 0000000077600460
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000774a1570 5 bytes JMP 0000000077600370
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000774a15c0 5 bytes JMP 0000000077600480
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774a15d0 5 bytes JMP 00000000776003e0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000774a1680 5 bytes JMP 0000000077600320
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774a16b0 5 bytes JMP 00000000776003b0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000774a16d0 5 bytes JMP 0000000077600390
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000774a1710 5 bytes JMP 00000000776002e0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774a1760 5 bytes JMP 0000000077600440
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000774a1790 5 bytes JMP 00000000776002d0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000774a17b0 5 bytes JMP 0000000077600310
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000774a17f0 5 bytes JMP 00000000776003c0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000774a1840 5 bytes JMP 00000000776003f0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000774a19a0 1 byte JMP 0000000077600230
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000774a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000774a1b60 5 bytes JMP 0000000077600490
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000774a1b90 5 bytes JMP 00000000776003a0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000774a1c70 5 bytes JMP 00000000776002f0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000774a1c80 5 bytes JMP 0000000077600350
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000774a1ce0 5 bytes JMP 0000000077600290
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000774a1d70 5 bytes JMP 00000000776002b0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774a1d90 5 bytes JMP 00000000776003d0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000774a1da0 1 byte JMP 0000000077600330
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000774a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000774a1e10 5 bytes JMP 0000000077600410
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000774a1e40 5 bytes JMP 0000000077600240
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000774a2100 5 bytes JMP 00000000776001e0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000774a21c0 1 byte JMP 0000000077600250
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000774a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000774a21f0 5 bytes JMP 00000000776004a0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000774a2200 5 bytes JMP 00000000776004b0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000774a2230 5 bytes JMP 0000000077600300
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000774a2240 5 bytes JMP 0000000077600360
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000774a22a0 5 bytes JMP 00000000776002a0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000774a22f0 5 bytes JMP 00000000776002c0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000774a2320 5 bytes JMP 0000000077600380
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000774a2330 5 bytes JMP 0000000077600340
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000774a2620 5 bytes JMP 0000000077600450
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000774a2820 5 bytes JMP 0000000077600260
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000774a2830 5 bytes JMP 0000000077600270
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774a2840 5 bytes JMP 0000000077600400
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000774a2a00 5 bytes JMP 00000000776001f0
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000774a2a10 5 bytes JMP 0000000077600210
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000774a2a80 5 bytes JMP 0000000077600200
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000774a2ae0 5 bytes JMP 0000000077600420
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000774a2af0 5 bytes JMP 0000000077600430
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000774a2b00 5 bytes JMP 0000000077600220
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000774a2be0 5 bytes JMP 0000000077600280
.text C:\Windows\system32\AUDIODG.EXE[1604] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076eceecd 1 byte [62]
.text C:\Users\Brianna\Desktop\31t90yg6.exe[6124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007612a30a 1 byte [62]
---- Threads - GMER 2.1 ----
Thread [680:836] 000000007746aec0
Thread [680:972] 000000007746fbc0
Thread [680:976] 000000007746fbc0
Thread [680:980] 000000007746fbc0
Thread [680:984] 000000007746fbc0
Thread [680:988] 000000007746fbc0
Thread [680:1000] 000000007746fbc0
Thread [680:1464] 000000007746fbc0
Thread [680:4332] 000000007746fbc0
Thread [680:1416] 000000007746fbc0
Thread C:\Windows\system32\WLANExt.exe [1364:1452] 00000000003d86e4
Thread C:\Windows\system32\WLANExt.exe [1364:1456] 00000000003d86e4
Thread C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [1844:1820] 0000000077683e45
Thread C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [1844:1876] 0000000076767587
Thread C:\Windows\System32\svchost.exe [5736:3224] 000007fef78b9688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 14
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 6239603
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 14
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 6239603
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 3
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
---- EOF - GMER 2.1 ----