My computer won't download any update software and is having inter
Started by Leoncejames, Oct 06 2013 01:55 PM
#1
Posted 06 October 2013 - 01:55 PM
#2
Posted 06 October 2013 - 04:13 PM
Hello Leoncejames and
My name is Tom and I am going to be helping you with your malware removal. Please note that, as I am currently still in training, all of my posts have to be reviewed by my instructor prior to me posting them.
Before we continue, I would like you to read the following text:
- Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo. I suggest you save or print my instructions for later reference
- Please do not attach your logs to your post; instead, I would like you to copy and paste the contents into your post
- Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
- If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
- Please be patient. Malware removal is a long process and requires many steps. If you stick with me, I'll help you get through this
- Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
- Please make sure you have read and understood my instructions before continuing with them. Spelling errors in the scripts etc. could cause adverse effects to your system
- If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
- Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed
OTL
Please download OTL (by OldTimer) from the link below and save it to your Desktop.
- Disable all anti-virus and anti-malware software to prevent them inhibiting OTL in any way. If you are unsure how to do this, see THIS.
- Double-click OTL.exe to run it.
- Click Run Scan to start OTL.
- When OTL finishes scanning, two logs, OTL.txt and Extras.txt, will open.
- Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.
GMER
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror which will download a randomly named file
- Zipped Mirror - Unzip the file to its own folder such as C:\gmer
- Disconnect from the Internet and close all running programs
- Temporarily disable any real-time active protection
- It is very important you do not use your computer while GMER is running
- Double-click on the randomly named GMER icon
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
- If you receive a warning about rootkit activity and are asked to fully scan your system click NO
- Please check in the Quick scan box
- Please uncheck the following:
  - IAT/EAT
  - Show All <<< Important
- Click Scan
- If you see a rootkit warning window click OK
- When the scan is finished, Save the results to your desktop as gmer.log
- Click Copy then paste the results in your reply
- Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
- If you encounter any problems, try running GMER in Safe Mode
- If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning
Tom
#3
Posted 06 October 2013 - 05:17 PM
Gmer results
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-06 19:14:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698.64GB
Running: lne1twch.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uwdcrpoc.sys
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\lsm.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\winlogon.exe[788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\svchost.exe[852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe[936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\System32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe[3308] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77]
.text C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe[3376] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3404] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3404] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3404] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe[3420] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536]
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-06 19:14:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698.64GB
Running: lne1twch.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uwdcrpoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80002fb4000 45 bytes [6B, 87, 08, 38, 76, C1, 48, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff80002fb402f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000149f602b0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000149f603d0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000149f60330
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000149f60410
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000149f60240
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000149f601e0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000149f60250
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000149f60490
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000149f604a0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000149f60300
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000149f60360
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000149f602a0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000149f602c0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000149f60380
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000149f60340
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000149f60440
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000149f60260
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000149f60270
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000149f60400
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000149f601f0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000149f60210
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000149f60200
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000149f60420
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000149f60430
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000149f60220
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000149f60280
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000149f60460
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000149f60450
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000149f60370
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000149f60470
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000149f603e0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000149f60320
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000149f603b0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000149f60390
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000149f602e0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000149f602d0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000149f60310
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000149f603c0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000149f603f0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000149f60230
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000149f60480
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000149f603a0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000149f602f0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000149f60350
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000149f60290
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000149f602b0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000149f603d0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000149f60330
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000149f60410
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000149f60240
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000149f601e0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000149f60250
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000149f60490
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000149f604a0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000149f60300
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000149f60360
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000149f602a0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000149f602c0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000149f60380
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000149f60340
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000149f60440
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000149f60260
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000149f60270
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000149f60400
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000149f601f0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000149f60210
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000149f60200
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000149f60420
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000149f60430
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000149f60220
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000149f60280
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\services.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\services.exe[672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\lsass.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\System32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\System32\svchost.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Program Files\IDT\WDM\STacSV64.exe[1100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\WLANExt.exe[1668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\svchost.exe[1872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[1908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\taskhost.exe[2184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\Dwm.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\Dwm.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\Dwm.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\Dwm.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\Dwm.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[2116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[2212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3172] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe[3308] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77]
.text C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe[3376] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3404] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3404] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077251465 2 bytes [25, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[3404] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000772514bb 2 bytes [25, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe[3420] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000773ea2ba 1 byte [62]
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a427e0 5 bytes JMP 0000000077ba0400
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a429a0 5 bytes JMP 0000000077ba01f0
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a429b0 5 bytes JMP 0000000077ba0210
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a42a20 5 bytes JMP 0000000077ba0200
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a42a80 5 bytes JMP 0000000077ba0420
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a42a90 5 bytes JMP 0000000077ba0430
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a42aa0 5 bytes JMP 0000000077ba0220
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a42b80 5 bytes JMP 0000000077ba0280
.text C:\Windows\system32\conhost.exe[3436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007792eecd 1 byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a41360 5 bytes JMP 0000000077ba0460
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a413b0 5 bytes JMP 0000000077ba0450
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a41510 5 bytes JMP 0000000077ba0370
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a41560 5 bytes JMP 0000000077ba0470
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a41570 5 bytes JMP 0000000077ba03e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a41620 5 bytes JMP 0000000077ba0320
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a41650 5 bytes JMP 0000000077ba03b0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a41670 5 bytes JMP 0000000077ba0390
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a416b0 5 bytes JMP 0000000077ba02e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a41730 5 bytes JMP 0000000077ba02d0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a41750 5 bytes JMP 0000000077ba0310
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a41790 5 bytes JMP 0000000077ba03c0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a417e0 5 bytes JMP 0000000077ba03f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a41940 5 bytes JMP 0000000077ba0230
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a41b00 5 bytes JMP 0000000077ba0480
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a41b30 5 bytes JMP 0000000077ba03a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a41c10 5 bytes JMP 0000000077ba02f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a41c20 5 bytes JMP 0000000077ba0350
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a41c80 5 bytes JMP 0000000077ba0290
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a41d10 5 bytes JMP 0000000077ba02b0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a41d30 5 bytes JMP 0000000077ba03d0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a41d40 5 bytes JMP 0000000077ba0330
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a41db0 5 bytes JMP 0000000077ba0410
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a41de0 5 bytes JMP 0000000077ba0240
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a420a0 5 bytes JMP 0000000077ba01e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a42160 5 bytes JMP 0000000077ba0250
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a42190 5 bytes JMP 0000000077ba0490
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a421a0 5 bytes JMP 0000000077ba04a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a421d0 5 bytes JMP 0000000077ba0300
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a421e0 5 bytes JMP 0000000077ba0360
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a42240 5 bytes JMP 0000000077ba02a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a42290 5 bytes JMP 0000000077ba02c0
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a422c0 5 bytes JMP 0000000077ba0380
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a422d0 5 bytes JMP 0000000077ba0340
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a425c0 5 bytes JMP 0000000077ba0440
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a427c0 5 bytes JMP 0000000077ba0260
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a427d0 5 bytes JMP 0000000077ba0270
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3536]
#4
Posted 06 October 2013 - 05:21 PM
OTL file
OTL logfile created on: 10/6/2013 6:55:05 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 3.71 Gb Available Physical Memory | 62.29% Memory free
11.90 Gb Paging File | 9.45 Gb Available in Paging File | 79.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.62 Gb Total Space | 550.82 Gb Free Space | 81.29% Space Free | Partition Type: NTFS
Drive D: | 16.85 Gb Total Space | 1.82 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 0.00 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
Drive F: | 2.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: THOMAS-HP | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/22 06:18:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Downloads\OTL.exe
PRC - [2013/08/22 02:47:32 | 003,022,448 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/22 02:47:32 | 000,048,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/02 23:52:42 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/23 02:45:26 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/05 17:14:34 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/06 15:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
PRC - [2011/09/06 15:48:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
PRC - [2011/08/26 07:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 07:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 07:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/08/24 01:42:08 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/08/22 23:40:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/03/30 18:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/03/30 18:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/03/30 18:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/03/30 18:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/02/24 04:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 18:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 18:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:04 | 013,611,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/22 02:47:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/08/22 02:47:33 | 000,388,720 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswCommChannel.dll
MOD - [2013/08/22 02:47:33 | 000,064,264 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswResourceLib.dll
MOD - [2013/08/22 02:47:33 | 000,024,592 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll
MOD - [2011/09/06 15:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
========== Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV:64bit: - [2013/08/22 02:47:32 | 000,048,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 05:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 05:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/08/16 04:32:40 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/27 15:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/19 20:16:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 02:45:26 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:45:26 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/05 17:14:34 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/06 15:48:32 | 000,093,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2011/08/26 07:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/08/24 01:42:08 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/30 18:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/03/30 18:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/03/30 18:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/03/07 20:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/24 04:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 18:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 18:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/08/30 05:39:37 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/22 02:47:36 | 001,032,928 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/22 02:47:36 | 000,406,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/22 02:47:36 | 000,082,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/22 02:47:36 | 000,075,552 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/22 02:47:36 | 000,068,336 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/22 02:47:36 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/22 02:47:36 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/19 00:52:08 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/10/18 12:12:06 | 001,111,856 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/13 14:13:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/13 14:13:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/24 01:32:02 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/16 04:32:40 | 000,534,016 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/08/05 16:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 16:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/27 11:22:50 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 21:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/06/10 21:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/30 20:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 15:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 15:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/03/18 15:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 15:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/08 18:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 21:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/11/26 22:23:15 | 000,060,992 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\SWSetup\sp59555\iscflashx64.sys -- (iscFlash)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{60EC8933-9202-1888-F3E7-25184D7A0281}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {6BAC7606-0D7A-4E7D-B8A4-5D4F2A58A325}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{60EC8933-9202-1888-F3E7-25184D7A0281}: "URL" = http://isearch.avg.c...fr&d=2012-06-17 08:52:28&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{6BAC7606-0D7A-4E7D-B8A4-5D4F2A58A325}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
[2013/08/23 20:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/05/28 12:09:42 | 000,197,611 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/06/23 06:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Website Logon = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: Gmail = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/08/22 02:25:50 | 000,449,438 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15429 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll File not found
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77BA107D-A5EB-4D10-96CC-0468DA79BECB}: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3DF9A2-897D-4579-8FB9-D95A58D7492C}: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{87dd9153-cecc-11e1-a957-4ceb42299423}\Shell - "" = AutoRun
O33 - MountPoints2\{87dd9153-cecc-11e1-a957-4ceb42299423}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/06 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/04 22:04:35 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/10/04 22:04:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/10/04 22:04:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/10/04 22:03:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/10/04 22:03:52 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/10/04 22:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/10/04 22:03:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\PMB Files
[2013/10/04 22:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/10/04 22:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/10/04 22:02:02 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Riot Games
[2013/10/04 01:15:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{7B23FA2E-D7BA-4813-9F0E-C3C6ED0A0DD9}
[2013/09/13 23:44:20 | 000,000,000 | RH-D | C] -- C:\Users\Thomas\Desktop\New folder
[2013/09/11 16:12:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 16:12:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 16:11:59 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 16:11:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 16:11:59 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 16:11:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 16:11:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 16:11:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 16:11:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 16:11:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 16:11:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 16:11:56 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 16:11:56 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 16:11:56 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 16:11:55 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/10 23:19:52 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/10 23:19:47 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/10 23:19:46 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/10 23:19:46 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/10 23:19:45 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/10 23:19:44 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/10 23:19:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/10 23:19:43 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/10 23:19:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/10 23:19:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/10 23:19:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/10 23:19:43 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/10 23:19:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/10 23:19:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/10 23:19:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/10 23:19:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/10 23:19:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 23:19:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 23:19:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 23:19:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/10 23:19:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 23:19:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 23:19:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 23:19:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 23:19:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 23:19:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/10 23:19:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/10 23:19:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/10 23:19:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/10 23:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 23:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 23:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 23:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 23:19:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/10 23:19:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
========== Files - Modified Within 30 Days ==========
[2013/10/06 18:57:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/06 18:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/06 18:05:20 | 000,002,239 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/06 17:07:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/06 15:40:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/06 15:40:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/06 15:38:21 | 000,731,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/06 15:38:21 | 000,627,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/06 15:38:21 | 000,107,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/06 15:35:57 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/06 15:32:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/06 15:31:28 | 495,828,991 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/05 22:51:15 | 000,006,103 | ---- | M] () -- C:\Windows\wininit.ini
[2013/10/05 22:41:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013/10/04 22:03:55 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/10/04 21:18:04 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThomas.job
[2013/09/30 20:53:09 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTHOMAS-HP$.job
[2013/09/19 20:16:22 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/19 20:16:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/12 22:21:04 | 000,001,093 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/09/12 15:37:48 | 000,000,462 | ---- | M] () -- C:\Recovery (D) - Shortcut.lnk
[2013/09/11 19:43:28 | 000,419,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 16:11:41 | 000,748,034 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/10 18:49:07 | 000,516,390 | ---- | M] () -- C:\Users\Thomas\Documents\Scan Job47137.pdf
[2013/09/07 22:20:56 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
========== Files Created - No Company Name ==========
[2013/10/06 15:35:57 | 000,002,239 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/06 15:35:57 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/05 22:41:33 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013/10/04 22:03:55 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/09/12 15:37:48 | 000,000,462 | ---- | C] () -- C:\Recovery (D) - Shortcut.lnk
[2013/09/10 18:49:07 | 000,516,390 | ---- | C] () -- C:\Users\Thomas\Documents\Scan Job47137.pdf
[2013/08/27 01:40:31 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/08/27 01:40:30 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/08/27 00:57:12 | 000,002,638 | ---- | C] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2013/08/22 02:43:31 | 000,006,103 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/07 18:50:59 | 000,007,598 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2013/04/29 08:54:37 | 000,004,096 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\keyfile3.drm
[2013/03/16 08:25:20 | 000,000,002 | -HS- | C] () -- C:\Users\Thomas\AppData\Roaming\evf9
[2013/03/16 08:25:13 | 000,000,007 | -HS- | C] () -- C:\Users\Thomas\AppData\Roaming\date
[2012/06/29 20:14:00 | 000,024,209 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\UserTile.png
[2012/06/29 18:43:08 | 000,003,584 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/29 17:30:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/06/19 23:01:25 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
OTL logfile created on: 10/6/2013 6:55:05 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 3.71 Gb Available Physical Memory | 62.29% Memory free
11.90 Gb Paging File | 9.45 Gb Available in Paging File | 79.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.62 Gb Total Space | 550.82 Gb Free Space | 81.29% Space Free | Partition Type: NTFS
Drive D: | 16.85 Gb Total Space | 1.82 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 0.00 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
Drive F: | 2.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: THOMAS-HP | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/22 06:18:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Downloads\OTL.exe
PRC - [2013/08/22 02:47:32 | 003,022,448 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/22 02:47:32 | 000,048,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/02 23:52:42 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/23 02:45:26 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/05 17:14:34 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/06 15:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
PRC - [2011/09/06 15:48:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
PRC - [2011/08/26 07:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 07:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 07:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/08/24 01:42:08 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/08/22 23:40:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/03/30 18:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/03/30 18:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/03/30 18:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/03/30 18:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/02/24 04:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 18:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 18:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:04 | 013,611,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/22 02:47:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/08/22 02:47:33 | 000,388,720 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswCommChannel.dll
MOD - [2013/08/22 02:47:33 | 000,064,264 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswResourceLib.dll
MOD - [2013/08/22 02:47:33 | 000,024,592 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll
MOD - [2011/09/06 15:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
========== Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV:64bit: - [2013/08/22 02:47:32 | 000,048,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 05:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 05:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/08/16 04:32:40 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/27 15:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/19 20:16:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 02:45:26 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:45:26 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/05 17:14:34 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/06 15:48:32 | 000,093,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2011/08/26 07:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/08/24 01:42:08 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/30 18:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/03/30 18:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/03/30 18:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/03/07 20:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/24 04:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 18:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 18:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/08/30 05:39:37 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/22 02:47:36 | 001,032,928 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/22 02:47:36 | 000,406,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/22 02:47:36 | 000,082,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/22 02:47:36 | 000,075,552 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/22 02:47:36 | 000,068,336 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/22 02:47:36 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/22 02:47:36 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/19 00:52:08 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/10/18 12:12:06 | 001,111,856 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/13 14:13:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/13 14:13:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/24 01:32:02 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/16 04:32:40 | 000,534,016 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/08/05 16:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 16:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/27 11:22:50 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 21:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/06/10 21:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/30 20:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 15:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 15:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/03/18 15:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 15:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/08 18:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 21:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/11/26 22:23:15 | 000,060,992 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\SWSetup\sp59555\iscflashx64.sys -- (iscFlash)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{60EC8933-9202-1888-F3E7-25184D7A0281}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {6BAC7606-0D7A-4E7D-B8A4-5D4F2A58A325}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{60EC8933-9202-1888-F3E7-25184D7A0281}: "URL" = http://isearch.avg.c...fr&d=2012-06-17 08:52:28&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{6BAC7606-0D7A-4E7D-B8A4-5D4F2A58A325}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
[2013/08/23 20:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/05/28 12:09:42 | 000,197,611 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/06/23 06:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Website Logon = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: Gmail = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/08/22 02:25:50 | 000,449,438 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15429 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll File not found
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77BA107D-A5EB-4D10-96CC-0468DA79BECB}: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3DF9A2-897D-4579-8FB9-D95A58D7492C}: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{87dd9153-cecc-11e1-a957-4ceb42299423}\Shell - "" = AutoRun
O33 - MountPoints2\{87dd9153-cecc-11e1-a957-4ceb42299423}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/06 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/04 22:04:35 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/10/04 22:04:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/10/04 22:04:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/10/04 22:03:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/10/04 22:03:52 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/10/04 22:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/10/04 22:03:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\PMB Files
[2013/10/04 22:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/10/04 22:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/10/04 22:02:02 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Riot Games
[2013/10/04 01:15:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{7B23FA2E-D7BA-4813-9F0E-C3C6ED0A0DD9}
[2013/09/13 23:44:20 | 000,000,000 | RH-D | C] -- C:\Users\Thomas\Desktop\New folder
[2013/09/11 16:12:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 16:12:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 16:11:59 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 16:11:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 16:11:59 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 16:11:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 16:11:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 16:11:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 16:11:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 16:11:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 16:11:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 16:11:56 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 16:11:56 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 16:11:56 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 16:11:55 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/10 23:19:52 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/10 23:19:47 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/10 23:19:46 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/10 23:19:46 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/10 23:19:45 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/10 23:19:44 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/10 23:19:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/10 23:19:43 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/10 23:19:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/10 23:19:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/10 23:19:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/10 23:19:43 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/10 23:19:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/10 23:19:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/10 23:19:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/10 23:19:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/10 23:19:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 23:19:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 23:19:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 23:19:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/10 23:19:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 23:19:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 23:19:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 23:19:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 23:19:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 23:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 23:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 23:19:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/10 23:19:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/10 23:19:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/10 23:19:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/10 23:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 23:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 23:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 23:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 23:19:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/10 23:19:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
========== Files - Modified Within 30 Days ==========
[2013/10/06 18:57:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/06 18:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/06 18:05:20 | 000,002,239 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/06 17:07:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/06 15:40:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/06 15:40:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/06 15:38:21 | 000,731,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/06 15:38:21 | 000,627,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/06 15:38:21 | 000,107,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/06 15:35:57 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/06 15:32:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/06 15:31:28 | 495,828,991 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/05 22:51:15 | 000,006,103 | ---- | M] () -- C:\Windows\wininit.ini
[2013/10/05 22:41:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013/10/04 22:03:55 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/10/04 21:18:04 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThomas.job
[2013/09/30 20:53:09 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTHOMAS-HP$.job
[2013/09/19 20:16:22 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/19 20:16:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/12 22:21:04 | 000,001,093 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/09/12 15:37:48 | 000,000,462 | ---- | M] () -- C:\Recovery (D) - Shortcut.lnk
[2013/09/11 19:43:28 | 000,419,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 16:11:41 | 000,748,034 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/10 18:49:07 | 000,516,390 | ---- | M] () -- C:\Users\Thomas\Documents\Scan Job47137.pdf
[2013/09/07 22:20:56 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
========== Files Created - No Company Name ==========
[2013/10/06 15:35:57 | 000,002,239 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/06 15:35:57 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/05 22:41:33 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013/10/04 22:03:55 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/09/12 15:37:48 | 000,000,462 | ---- | C] () -- C:\Recovery (D) - Shortcut.lnk
[2013/09/10 18:49:07 | 000,516,390 | ---- | C] () -- C:\Users\Thomas\Documents\Scan Job47137.pdf
[2013/08/27 01:40:31 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/08/27 01:40:30 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/08/27 00:57:12 | 000,002,638 | ---- | C] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2013/08/22 02:43:31 | 000,006,103 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/07 18:50:59 | 000,007,598 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2013/04/29 08:54:37 | 000,004,096 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\keyfile3.drm
[2013/03/16 08:25:20 | 000,000,002 | -HS- | C] () -- C:\Users\Thomas\AppData\Roaming\evf9
[2013/03/16 08:25:13 | 000,000,007 | -HS- | C] () -- C:\Users\Thomas\AppData\Roaming\date
[2012/06/29 20:14:00 | 000,024,209 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\UserTile.png
[2012/06/29 18:43:08 | 000,003,584 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/29 17:30:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/06/19 23:01:25 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
#5
Posted 07 October 2013 - 03:55 PM
Hi Leoncejames,
When you say files won't download, what do you mean? Does the download never start, or fail with an error?
OTL Fix
- Run OTL.
- Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:
:Commands
[CREATERESTOREPOINT]
:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
[2013/05/28 12:09:42 | 000,197,611 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
:Files
DIR C:\ /S /A:L /c
:Commands
[EMPTYTEMP]
- Click the Run Fix button.
AdwCleaner
Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:
Download Mirror #1
- Right-click on AdwCleaner.exe and select Run as administrator.
- Click Scan and let the scan run.
- When it finishes, click Clean, following the on screen prompts
- After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
ESET Online Scanner:
Note: The below instructions relate to running the scan with Google Chrome only. You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here.
Vista/Windows 7 users: You will need to right-click on either the Google Chrome icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
- Please go here to run the scan...
- In the window that now appears called Launch ESET Online Scanner
- Double-click on esetsmartinstaller_enu.exe to download the ESET Smart Installer
- Then in the lower left hand corner of the browser window double click on >> follow the prompts
- In the new window that appears select the option YES, I accept the Terms of Use then click on Start
- Now in the Computer scan settings window that appears:-
- Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on: Start
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on: Finish
- Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
- Copy and paste that log as a reply to this topic.
OTL
- Run OTL by double-clicking on it.
- Click Quick Scan to start OTL.
- When OTL finishes scanning, a log, OTL.txt, will open.
- Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Tom
#6
Posted 07 October 2013 - 09:26 PM
My computer won't let me download necessary updates such as Windows or Java, sorry I should have stated it more clearly.
# AdwCleaner v3.006 - Report created 07/10/2013 at 19:14:47
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Thomas - THOMAS-HP
# Running from : C:\Users\Thomas\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Giant Savings
Folder Deleted : C:\Users\Thomas\AppData\Local\apn
Folder Deleted : C:\Users\Thomas\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Thomas\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Thomas\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
***** [ Shortcuts ] *****
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.07.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Thomas :: THOMAS-HP [administrator]
10/7/2013 7:22:08 PM
mbam-log-2013-10-07 (19-22-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200517
Time elapsed: 5 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 20
C:\Users\Thomas\AppData\Roaming\BitTorrent\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Awkward_Ballads_for_the_Easily-pleased_423.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\DownloadManagerSetup (1).exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\FreeYouTubeDownloaderInstaller.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\FreeYouTubeDownloaderInstallerIC.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\greengamesham-setup.exe (PUP.Optional.DownloadAdmin) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\RaShRadio - The Crow.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\sergio virtual boyfriend setup.exe (PUP.Optional.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Setup (1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Setup (2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Setup (6).exe (Adware.IBryte) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Setup__2140_il50863.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\SoftonicDownloader_for_java-runtime-environment (1).exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\SoftonicDownloader_for_java-runtime-environment (2).exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\SoftonicDownloader_for_java-runtime-environment.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\The Mostly Unfabulous Social Life of Ethan Green.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\The.Mostly.Unfabulous.Social.Life.of.Ethan.Green.LIMITED.DVDRip.XviD-SAPHiRE.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Tom Milsom.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Wicked_The_Musical-_One_Short_Day_277.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
(end)
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=00ceb8e00680a843aa1c72765333bbe9
# engine=15395
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-08 03:00:34
# local_time=2013-10-07 11:00:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 2786069 3125594 0 0
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 132744684 0 0
# scanned=227545
# found=19
# cleaned=0
# scan_time=11928
sh=5D2AD26DC5E1803CE01A88B1BFD3B7315CFA23FF ft=1 fh=f323761fa664a904 vn="a variant of Win32/InstallCore.CF application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\java-update.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/OpenCandy application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\PDFCreator-1_7_0_setup.exe"
sh=A0EDBE2E5A9B18355BD1229CCED8B3AAC2E9D00C ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.I application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\Windows Loader.rar"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\winzipSetup (1).exe"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\winzipSetup (2).exe"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\winzipSetup.exe"
sh=5D2AD26DC5E1803CE01A88B1BFD3B7315CFA23FF ft=1 fh=f323761fa664a904 vn="a variant of Win32/InstallCore.CF application" ac=I fn="C:\Users\Thomas\Downloads\java-update.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/OpenCandy application" ac=I fn="C:\Users\Thomas\Downloads\PDFCreator-1_7_0_setup.exe"
sh=A0EDBE2E5A9B18355BD1229CCED8B3AAC2E9D00C ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.I application" ac=I fn="C:\Users\Thomas\Downloads\Windows Loader.rar"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Users\Thomas\Downloads\winzipSetup (1).exe"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Users\Thomas\Downloads\winzipSetup (2).exe"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Users\Thomas\Downloads\winzipSetup.exe"
sh=3602ED6725CE4319D3FF1418239925988EA3CFCC ft=1 fh=aa6e632996466872 vn="a variant of Win32/Toolbar.Perion.A application" ac=I fn="C:\_OTL\MovedFiles\08262013_004755\C_Program Files\Updater By SweetPacks\Extension32.dll"
sh=7A3F3CF7AD7BD8A6F74DB88BA612694D2626BC7F ft=1 fh=6b12adc792d8830b vn="a variant of Win32/Toolbar.BitCocktail.B application" ac=I fn="C:\_OTL\MovedFiles\08262013_004755\C_Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe"
sh=16E40DF9644DEBCEC740DDB9AB94361FDD317A91 ft=1 fh=f79a757a298ec9e1 vn="a variant of Win32/Toolbar.BitCocktail.A application" ac=I fn="C:\_OTL\MovedFiles\08262013_004755\C_Program Files\Updater By SweetPacks\InstallerHelper.dll"
sh=9C8CA9C51244C369E3A083C8BFD33689281B01D8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\THOMAS-HP\Backup Set 2012-06-17 083906\Backup Files 2012-06-17 190000\Backup files 1.zip"
sh=3A9F35BF5992BC3CE0F4E445D70319D81FCDAA79 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.iBryte.C application" ac=I fn="E:\THOMAS-HP\Backup Set 2012-06-17 083906\Backup Files 2012-07-08 210601\Backup files 1.zip"
sh=1C372DCF013669CFEF13824BB0A50D66E47BA54A ft=0 fh=0000000000000000 vn="Win32/SweetIM.E application" ac=I fn="E:\THOMAS-HP\Backup Set 2013-06-23 193811\Backup Files 2013-06-23 193811\Backup files 2.zip"
sh=B960B836302CC4296EA3E97840515A58A0CD5646 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\THOMAS-HP\Backup Set 2013-06-23 193811\Backup Files 2013-06-23 193811\Backup files 11.zip"
OTL logfile created on: 10/7/2013 11:19:28 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 69.12% Memory free
11.90 Gb Paging File | 9.88 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.62 Gb Total Space | 550.49 Gb Free Space | 81.24% Space Free | Partition Type: NTFS
Drive D: | 16.85 Gb Total Space | 1.82 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 0.00 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
Drive F: | 2.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: THOMAS-HP | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/22 06:18:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Downloads\OTL.exe
PRC - [2013/08/22 02:47:32 | 003,022,448 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/22 02:47:32 | 000,048,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/02 23:52:42 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/23 02:45:26 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/07/23 02:45:26 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/05 17:14:34 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/06 15:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
PRC - [2011/09/06 15:48:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
PRC - [2011/08/26 07:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 07:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 07:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/08/24 01:42:08 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/08/22 23:40:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/03/30 18:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/03/30 18:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/03/30 18:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/03/30 18:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/02/24 04:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 18:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 18:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/22 02:47:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/08/22 02:47:33 | 000,388,720 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswCommChannel.dll
MOD - [2013/08/22 02:47:33 | 000,064,264 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswResourceLib.dll
MOD - [2013/08/22 02:47:33 | 000,024,592 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll
MOD - [2011/09/06 15:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
========== Services (SafeList) ==========
SRV:64bit: - [2013/08/22 02:47:32 | 000,048,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 05:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 05:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/08/16 04:32:40 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/27 15:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/19 20:16:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 02:45:26 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:45:26 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/05 17:14:34 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/06 15:48:32 | 000,093,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2011/08/26 07:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/08/24 01:42:08 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/30 18:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/03/30 18:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/03/30 18:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/03/07 20:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/24 04:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 18:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 18:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/08/30 05:39:37 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/22 02:47:36 | 001,032,928 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/22 02:47:36 | 000,406,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/22 02:47:36 | 000,082,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/22 02:47:36 | 000,075,552 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/22 02:47:36 | 000,068,336 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/22 02:47:36 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/22 02:47:36 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/19 00:52:08 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/10/18 12:12:06 | 001,111,856 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/13 14:13:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/13 14:13:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/24 01:32:02 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/16 04:32:40 | 000,534,016 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/08/05 16:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 16:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/27 11:22:50 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 21:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/06/10 21:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/30 20:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 15:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 15:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/03/18 15:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 15:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/08 18:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 21:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/11/26 22:23:15 | 000,060,992 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\SWSetup\sp59555\iscflashx64.sys -- (iscFlash)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{60EC8933-9202-1888-F3E7-25184D7A0281}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{60EC8933-9202-1888-F3E7-25184D7A0281}: "URL" = http://isearch.avg.c...fr&d=2012-06-17 08:52:28&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{6BAC7606-0D7A-4E7D-B8A4-5D4F2A58A325}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2013/10/07 19:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/06/23 06:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Website Logon = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: Gmail = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/08/22 02:25:50 | 000,449,438 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15429 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77BA107D-A5EB-4D10-96CC-0468DA79BECB}: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3DF9A2-897D-4579-8FB9-D95A58D7492C}: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{87dd9153-cecc-11e1-a957-4ceb42299423}\Shell - "" = AutoRun
O33 - MountPoints2\{87dd9153-cecc-11e1-a957-4ceb42299423}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/07 19:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/10/07 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2013/10/07 19:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/07 19:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/07 19:21:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/07 19:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/07 19:13:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/06 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/04 22:03:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/10/04 22:03:52 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/10/04 22:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/10/04 22:03:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\PMB Files
[2013/10/04 22:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/10/04 22:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/10/04 22:02:02 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Riot Games
[2013/10/04 01:15:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{7B23FA2E-D7BA-4813-9F0E-C3C6ED0A0DD9}
[2013/09/13 23:44:20 | 000,000,000 | RH-D | C] -- C:\Users\Thomas\Desktop\New folder
========== Files - Modified Within 30 Days ==========
[2013/10/07 23:18:16 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/07 23:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/07 23:11:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 23:11:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 23:08:00 | 000,731,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/07 23:08:00 | 000,627,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/07 23:08:00 | 000,107,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/07 23:03:34 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThomas.job
[2013/10/07 23:03:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 23:03:28 | 495,828,991 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 22:57:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/07 19:21:14 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/06 20:03:02 | 000,002,239 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/06 19:40:59 | 888,636,907 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/06 15:35:57 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/05 22:51:15 | 000,006,103 | ---- | M] () -- C:\Windows\wininit.ini
[2013/10/05 22:41:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013/10/04 22:03:55 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/09/30 20:53:09 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTHOMAS-HP$.job
[2013/09/12 22:21:04 | 000,001,093 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/09/12 15:37:48 | 000,000,462 | ---- | M] () -- C:\Recovery (D) - Shortcut.lnk
[2013/09/11 19:43:28 | 000,419,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 16:11:41 | 000,748,034 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/10 18:49:07 | 000,516,390 | ---- | M] () -- C:\Users\Thomas\Documents\Scan Job47137.pdf
========== Files Created - No Company Name ==========
[2013/10/07 21:54:50 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForThomas.job
[2013/10/07 19:21:14 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/06 19:40:59 | 888,636,907 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/10/06 15:35:57 | 000,002,239 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/06 15:35:57 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/05 22:41:33 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013/10/04 22:03:55 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/09/12 15:37:48 | 000,000,462 | ---- | C] () -- C:\Recovery (D) - Shortcut.lnk
[2013/09/10 18:49:07 | 000,516,390 | ---- | C] () -- C:\Users\Thomas\Documents\Scan Job47137.pdf
[2013/08/27 01:40:31 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/08/27 01:40:30 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/08/27 00:57:12 | 000,002,638 | ---- | C] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2013/08/22 02:43:31 | 000,006,103 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/07 18:50:59 | 000,007,598 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2013/04/29 08:54:37 | 000,004,096 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\keyfile3.drm
[2013/03/16 08:25:20 | 000,000,002 | -HS- | C] () -- C:\Users\Thomas\AppData\Roaming\evf9
[2013/03/16 08:25:13 | 000,000,007 | -HS- | C] () -- C:\Users\Thomas\AppData\Roaming\date
[2012/06/29 20:14:00 | 000,024,209 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\UserTile.png
[2012/06/29 18:43:08 | 000,003,584 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/29 17:30:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/06/19 23:01:25 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/08/22 02:49:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\AVAST Software
[2013/10/07 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\BitTorrent
[2012/08/20 22:34:16 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\IDT
[2013/02/09 18:36:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\MP3Rocket
[2013/06/23 06:46:29 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PDF Architect
[2013/02/09 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\redsn0w
[2012/06/29 18:24:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Research In Motion
[2013/10/04 22:02:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Riot Games
[2013/09/29 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SoftGrid Client
[2012/06/16 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Synaptics
[2012/06/19 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TP
[2013/05/17 03:16:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TuneUp Software
[2013/07/22 02:53:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Utherverse
[2013/08/27 01:44:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\VideoEditor
[2012/06/25 15:18:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
such as Windows or Java; sorry, I should have stated it more clearly.
# AdwCleaner v3.006 - Report created 07/10/2013 at 19:14:47
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Thomas - THOMAS-HP
# Running from : C:\Users\Thomas\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Giant Savings
Folder Deleted : C:\Users\Thomas\AppData\Local\apn
Folder Deleted : C:\Users\Thomas\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Thomas\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Thomas\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
***** [ Shortcuts ] *****
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.07.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Thomas :: THOMAS-HP [administrator]
10/7/2013 7:22:08 PM
mbam-log-2013-10-07 (19-22-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200517
Time elapsed: 5 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 20
C:\Users\Thomas\AppData\Roaming\BitTorrent\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Awkward_Ballads_for_the_Easily-pleased_423.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\DownloadManagerSetup (1).exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\FreeYouTubeDownloaderInstaller.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\FreeYouTubeDownloaderInstallerIC.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\greengamesham-setup.exe (PUP.Optional.DownloadAdmin) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\RaShRadio - The Crow.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\sergio virtual boyfriend setup.exe (PUP.Optional.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Setup (1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Setup (2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Setup (6).exe (Adware.IBryte) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Setup__2140_il50863.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\SoftonicDownloader_for_java-runtime-environment (1).exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\SoftonicDownloader_for_java-runtime-environment (2).exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\SoftonicDownloader_for_java-runtime-environment.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\The Mostly Unfabulous Social Life of Ethan Green.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\The.Mostly.Unfabulous.Social.Life.of.Ethan.Green.LIMITED.DVDRip.XviD-SAPHiRE.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Tom Milsom.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Thomas\Downloads\Wicked_The_Musical-_One_Short_Day_277.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
(end)
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=00ceb8e00680a843aa1c72765333bbe9
# engine=15395
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-08 03:00:34
# local_time=2013-10-07 11:00:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 2786069 3125594 0 0
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 132744684 0 0
# scanned=227545
# found=19
# cleaned=0
# scan_time=11928
sh=5D2AD26DC5E1803CE01A88B1BFD3B7315CFA23FF ft=1 fh=f323761fa664a904 vn="a variant of Win32/InstallCore.CF application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\java-update.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/OpenCandy application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\PDFCreator-1_7_0_setup.exe"
sh=A0EDBE2E5A9B18355BD1229CCED8B3AAC2E9D00C ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.I application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\Windows Loader.rar"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\winzipSetup (1).exe"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\winzipSetup (2).exe"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Documents and Settings\Thomas\Downloads\winzipSetup.exe"
sh=5D2AD26DC5E1803CE01A88B1BFD3B7315CFA23FF ft=1 fh=f323761fa664a904 vn="a variant of Win32/InstallCore.CF application" ac=I fn="C:\Users\Thomas\Downloads\java-update.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/OpenCandy application" ac=I fn="C:\Users\Thomas\Downloads\PDFCreator-1_7_0_setup.exe"
sh=A0EDBE2E5A9B18355BD1229CCED8B3AAC2E9D00C ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.I application" ac=I fn="C:\Users\Thomas\Downloads\Windows Loader.rar"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Users\Thomas\Downloads\winzipSetup (1).exe"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Users\Thomas\Downloads\winzipSetup (2).exe"
sh=B248398454CB6A0E405386EE013E1DC0A73D0051 ft=1 fh=2e85234c41e419a7 vn="a variant of Win32/DomaIQ.A application" ac=I fn="C:\Users\Thomas\Downloads\winzipSetup.exe"
sh=3602ED6725CE4319D3FF1418239925988EA3CFCC ft=1 fh=aa6e632996466872 vn="a variant of Win32/Toolbar.Perion.A application" ac=I fn="C:\_OTL\MovedFiles\08262013_004755\C_Program Files\Updater By SweetPacks\Extension32.dll"
sh=7A3F3CF7AD7BD8A6F74DB88BA612694D2626BC7F ft=1 fh=6b12adc792d8830b vn="a variant of Win32/Toolbar.BitCocktail.B application" ac=I fn="C:\_OTL\MovedFiles\08262013_004755\C_Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe"
sh=16E40DF9644DEBCEC740DDB9AB94361FDD317A91 ft=1 fh=f79a757a298ec9e1 vn="a variant of Win32/Toolbar.BitCocktail.A application" ac=I fn="C:\_OTL\MovedFiles\08262013_004755\C_Program Files\Updater By SweetPacks\InstallerHelper.dll"
sh=9C8CA9C51244C369E3A083C8BFD33689281B01D8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\THOMAS-HP\Backup Set 2012-06-17 083906\Backup Files 2012-06-17 190000\Backup files 1.zip"
sh=3A9F35BF5992BC3CE0F4E445D70319D81FCDAA79 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.iBryte.C application" ac=I fn="E:\THOMAS-HP\Backup Set 2012-06-17 083906\Backup Files 2012-07-08 210601\Backup files 1.zip"
sh=1C372DCF013669CFEF13824BB0A50D66E47BA54A ft=0 fh=0000000000000000 vn="Win32/SweetIM.E application" ac=I fn="E:\THOMAS-HP\Backup Set 2013-06-23 193811\Backup Files 2013-06-23 193811\Backup files 2.zip"
sh=B960B836302CC4296EA3E97840515A58A0CD5646 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\THOMAS-HP\Backup Set 2013-06-23 193811\Backup Files 2013-06-23 193811\Backup files 11.zip"
OTL logfile created on: 10/7/2013 11:19:28 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.95 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 69.12% Memory free
11.90 Gb Paging File | 9.88 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.62 Gb Total Space | 550.49 Gb Free Space | 81.24% Space Free | Partition Type: NTFS
Drive D: | 16.85 Gb Total Space | 1.82 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 0.00 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
Drive F: | 2.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: THOMAS-HP | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/22 06:18:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Downloads\OTL.exe
PRC - [2013/08/22 02:47:32 | 003,022,448 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/22 02:47:32 | 000,048,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/02 23:52:42 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/23 02:45:26 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/07/23 02:45:26 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/05 17:14:34 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/06 15:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
PRC - [2011/09/06 15:48:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
PRC - [2011/08/26 07:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 07:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 07:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/08/24 01:42:08 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/08/22 23:40:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/03/30 18:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/03/30 18:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/03/30 18:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/03/30 18:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/02/24 04:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 18:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 18:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/22 02:47:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/08/22 02:47:33 | 000,388,720 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswCommChannel.dll
MOD - [2013/08/22 02:47:33 | 000,064,264 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswResourceLib.dll
MOD - [2013/08/22 02:47:33 | 000,024,592 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll
MOD - [2011/09/06 15:48:34 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe
========== Services (SafeList) ==========
SRV:64bit: - [2013/08/22 02:47:32 | 000,048,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 05:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 05:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/08/16 04:32:40 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/27 15:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/19 20:16:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 02:45:26 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:45:26 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/05 17:14:34 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/06 15:48:32 | 000,093,696 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2011/08/26 07:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/08/24 01:42:08 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/30 18:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/03/30 18:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/03/30 18:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/03/07 20:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/24 04:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 18:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 18:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/08/30 05:39:37 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/22 02:47:36 | 001,032,928 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/22 02:47:36 | 000,406,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/22 02:47:36 | 000,082,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/22 02:47:36 | 000,075,552 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/22 02:47:36 | 000,068,336 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/22 02:47:36 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/22 02:47:36 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/19 00:52:08 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/10/18 12:12:06 | 001,111,856 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/13 14:13:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/13 14:13:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/24 01:32:02 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/16 04:32:40 | 000,534,016 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/08/05 16:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 16:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/27 11:22:50 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/10 21:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/06/10 21:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/30 20:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 15:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 15:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/03/18 15:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 15:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/08 18:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 21:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/11/26 22:23:15 | 000,060,992 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\SWSetup\sp59555\iscflashx64.sys -- (iscFlash)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{60EC8933-9202-1888-F3E7-25184D7A0281}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{60EC8933-9202-1888-F3E7-25184D7A0281}: "URL" = http://isearch.avg.c...fr&d=2012-06-17 08:52:28&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{6BAC7606-0D7A-4E7D-B8A4-5D4F2A58A325}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{DCD91905-9B19-43D4-969C-A101C0921ABB}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2013/10/07 19:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/06/23 06:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Website Logon = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: Gmail = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/08/22 02:25:50 | 000,449,438 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15429 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77BA107D-A5EB-4D10-96CC-0468DA79BECB}: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3DF9A2-897D-4579-8FB9-D95A58D7492C}: DhcpNameServer = 208.104.244.45 208.104.2.36 208.104.2.85
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{87dd9153-cecc-11e1-a957-4ceb42299423}\Shell - "" = AutoRun
O33 - MountPoints2\{87dd9153-cecc-11e1-a957-4ceb42299423}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/07 19:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/10/07 19:21:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2013/10/07 19:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/07 19:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/07 19:21:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/07 19:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/07 19:13:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/06 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/04 22:03:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/10/04 22:03:52 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/10/04 22:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/10/04 22:03:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\PMB Files
[2013/10/04 22:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/10/04 22:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/10/04 22:02:02 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Riot Games
[2013/10/04 01:15:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{7B23FA2E-D7BA-4813-9F0E-C3C6ED0A0DD9}
[2013/09/13 23:44:20 | 000,000,000 | RH-D | C] -- C:\Users\Thomas\Desktop\New folder
========== Files - Modified Within 30 Days ==========
[2013/10/07 23:18:16 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/07 23:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/07 23:11:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 23:11:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 23:08:00 | 000,731,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/07 23:08:00 | 000,627,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/07 23:08:00 | 000,107,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/07 23:03:34 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThomas.job
[2013/10/07 23:03:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 23:03:28 | 495,828,991 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 22:57:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/07 19:21:14 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/06 20:03:02 | 000,002,239 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/06 19:40:59 | 888,636,907 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/06 15:35:57 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/05 22:51:15 | 000,006,103 | ---- | M] () -- C:\Windows\wininit.ini
[2013/10/05 22:41:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013/10/04 22:03:55 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/09/30 20:53:09 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTHOMAS-HP$.job
[2013/09/12 22:21:04 | 000,001,093 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/09/12 15:37:48 | 000,000,462 | ---- | M] () -- C:\Recovery (D) - Shortcut.lnk
[2013/09/11 19:43:28 | 000,419,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 16:11:41 | 000,748,034 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/10 18:49:07 | 000,516,390 | ---- | M] () -- C:\Users\Thomas\Documents\Scan Job47137.pdf
========== Files Created - No Company Name ==========
[2013/10/07 21:54:50 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForThomas.job
[2013/10/07 19:21:14 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/06 19:40:59 | 888,636,907 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/10/06 15:35:57 | 000,002,239 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/06 15:35:57 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/05 22:41:33 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013/10/04 22:03:55 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/09/12 15:37:48 | 000,000,462 | ---- | C] () -- C:\Recovery (D) - Shortcut.lnk
[2013/09/10 18:49:07 | 000,516,390 | ---- | C] () -- C:\Users\Thomas\Documents\Scan Job47137.pdf
[2013/08/27 01:40:31 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/08/27 01:40:30 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/08/27 00:57:12 | 000,002,638 | ---- | C] () -- C:\Users\Thomas\AppData\Local\recently-used.xbel
[2013/08/22 02:43:31 | 000,006,103 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/07 18:50:59 | 000,007,598 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2013/04/29 08:54:37 | 000,004,096 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\keyfile3.drm
[2013/03/16 08:25:20 | 000,000,002 | -HS- | C] () -- C:\Users\Thomas\AppData\Roaming\evf9
[2013/03/16 08:25:13 | 000,000,007 | -HS- | C] () -- C:\Users\Thomas\AppData\Roaming\date
[2012/06/29 20:14:00 | 000,024,209 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\UserTile.png
[2012/06/29 18:43:08 | 000,003,584 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/29 17:30:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/06/19 23:01:25 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/08/22 02:49:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\AVAST Software
[2013/10/07 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\BitTorrent
[2012/08/20 22:34:16 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\IDT
[2013/02/09 18:36:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\MP3Rocket
[2013/06/23 06:46:29 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PDF Architect
[2013/02/09 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\redsn0w
[2012/06/29 18:24:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Research In Motion
[2013/10/04 22:02:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Riot Games
[2013/09/29 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SoftGrid Client
[2012/06/16 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Synaptics
[2012/06/19 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TP
[2013/05/17 03:16:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TuneUp Software
[2013/07/22 02:53:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Utherverse
[2013/08/27 01:44:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\VideoEditor
[2012/06/25 15:18:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
#7
Posted 10 October 2013 - 05:10 PM
Hi Leoncejames,
Sorry for the delay, it's a busy time of the week for me as I have many uni assignments set on Tuesday/Wednesday.
The logs look great, are you still having problems downloading updates? Is it just updates that fail to download?
Tom
#8
Posted 10 October 2013 - 05:32 PM
It keeps happening; they update sometimes but other times they won't at all, like completely, and some webpages won't download things too, such as the Java webpage or Chrome updates.
#9
Posted 11 October 2013 - 07:00 PM
Hi Leoncejames,
I would like you to do this to troubleshoot this issue further:
MGADiag
- Download MGADiag (by Microsoft) from the link below:
http://go.microsoft....k/?linkid=52012
- Run the tool by double clicking on the file. Press Continue when prompted
- When it has finished, press Copy then Paste (Ctrl+V) this into your next post
Tom