GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-06-05 20:49:11 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Hitachi_HDT721064SLA360 rev.STDOA3AA 596,17GB Running: g5l8fmxb.exe; Driver: C:\Users\Adrian\AppData\Local\Temp\awrdypog.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0x8BD21C04] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwAlpcConnectPort [0x8BD2204E] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwAlpcCreatePort [0x8BD21FFC] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwConnectPort [0x8BD20E4A] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateEvent [0x8BD1FF20] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateEventPair [0x8BD1FF78] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateFile [0x8BD21832] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateMutant [0x8BD1FECA] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreatePort [0x8BD1FE72] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateSection [0x8BD2154E] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateSemaphore [0x8BD1FFCA] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0x8BD22EE0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x966E5370] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateThreadEx [0x8BD22298] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x966E5430] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0x8BD21122] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwOpenFile [0x8BD21A2A] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwOpenSection [0x8BD213D6] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwSetInformationProcess [0x8BD21E36] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x966E53F0] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwShutdownSystem [0x8BD21098] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl 
[0x966E53B0] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwTerminateProcess [0x8BD20C2A] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwTerminateThread [0x8BD209F8] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwRenameKey + 1549 8305CF05 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83097292 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 8309E69C 4 Bytes [04, 1C, D2, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 8309E6C4 8 Bytes [4E, 20, D2, 8B, FC, 1F, D2, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 8309E758 4 Bytes [4A, 0E, D2, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 8309E76C 12 Bytes [20, FF, D1, 8B, 78, FF, D1, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 8309E794 4 Bytes [CA, FE, D1, 8B] .text ... .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8B4B7774] ? C:\Windows\System32\Drivers\a8hstkwb.SYS suspicious PE modification .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\Alcoholx.dll section is writeable [0x77D41000, 0x152A2, 0xE0000020] ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\taskeng.exe[276] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[276] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 
C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 
C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[456] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] kernel32.dll!SetUnhandledExceptionFilter 7787F71B 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] 
USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe[472] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\csrss.exe[516] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 75AB2780 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[516] ntdll.dll!NtReplyWaitReceivePort 77C05FE0 5 Bytes JMP 75AB1DE0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[516] ntdll.dll!NtReplyWaitReceivePortEx 77C05FF0 5 Bytes JMP 75AB22B0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[592] ntdll.dll!NtAlpcSendWaitReceivePort 
77C04FE0 5 Bytes JMP 75AB2780 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[592] ntdll.dll!NtReplyWaitReceivePort 77C05FE0 5 Bytes JMP 75AB1DE0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[592] ntdll.dll!NtReplyWaitReceivePortEx 77C05FF0 5 Bytes JMP 75AB22B0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\services.exe[632] services.exe 00BB1608 4 Bytes [50, 17, 8E, 75] .text C:\Windows\system32\services.exe[632] services.exe 00BB1618 4 Bytes [10, 1B, 8E, 75] .text C:\Windows\system32\services.exe[632] services.exe 00BB1638 4 Bytes [40, 15, 8E, 75] .text C:\Windows\system32\services.exe[632] services.exe 00BB1648 4 Bytes [40, 19, 8E, 75] .text C:\Windows\system32\services.exe[632] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] 
RPCRT4.dll!RpcServerRegisterIfEx 76220818 5 Bytes JMP 758E2810 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[632] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] kernel32.dll!MoveFileWithProgressW 77878FE4 5 
Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[656] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] 
GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[664] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] 
GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[756] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] 
kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] RPCRT4.dll!RpcServerRegisterIfEx 76220818 5 Bytes JMP 758E2810 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[820] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] kernel32.dll!CopyFileExW 7786B490 7 Bytes 
JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[880] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] RPCRT4.dll!RpcServerRegisterIfEx 76220818 5 Bytes JMP 758E2810 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes 
JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[920] rpcss.dll!CoGetComCatalog 74EC35EC 8 Bytes [90, 0D, 8E, 75, 90, 0B, 8E, ...] .text C:\Program Files\Programy\COMODO\COMODO Internet Security\cmdagent.exe[968] ntdll.dll!NtAllocateVirtualMemory 77C04EA0 5 Bytes JMP 01159F10 C:\Program Files\Programy\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\Programy\COMODO\COMODO Internet Security\cmdagent.exe[968] ntdll.dll!NtCreateFile 77C05190 5 Bytes JMP 01226A20 C:\Program Files\Programy\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\Programy\COMODO\COMODO Internet Security\cmdagent.exe[968] ntdll.dll!NtOpenFile 77C058A0 5 Bytes JMP 01226900 C:\Program Files\Programy\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] kernel32.dll!CopyFileExW 7786B490 
7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Programy\KeyScrambler\KeyScrambler.exe[1004] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\KeyScrambler\KeyScrambler.exe[1004] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] 
USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] 
kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1128] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CopyFileExW 
7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1160] 
ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\svchost.exe[1200] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1200] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] RPCRT4.dll!RpcServerRegisterIfEx 76220818 5 Bytes JMP 758E2810 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1240] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text 
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text 
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe[1304] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1356] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 
120\StarWind\StarWindServiceAE.exe[1476] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[1476] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Program 
Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] kernel32.dll!CopyFileExW 
7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1600] ole32.dll!CoCreateInstance 75E99C5B 5 
Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] 
GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1724] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] RPCRT4.dll!RpcServerRegisterIfEx 76220818 5 Bytes JMP 758E2810 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\svchost.exe[1812] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] user32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] user32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] user32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[2000] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 
C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Program Files\AVG\Framework\Common\avgsvcx.exe[2024] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 
C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2156] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] 
ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 
C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2200] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2208] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 
C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll 
.text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\ESET\ESET NOD32 Antivirus\egui.exe[2844] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2952] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\COMODO\COMODO Internet Security\cis.exe[2988] ntdll.dll!NtAllocateVirtualMemory 77C04EA0 5 Bytes JMP 00DE9740 C:\Program Files\Programy\COMODO\COMODO Internet Security\cis.exe .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] 
ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 
C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3120] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 
758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3188] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] 
kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3272] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Programy\COMODO\COMODO Internet Security\cavwp.exe[3344] ntdll.dll!NtAllocateVirtualMemory 77C04EA0 5 Bytes JMP 011C28D0 C:\Program 
Files\Programy\COMODO\COMODO Internet Security\cavwp.exe .text C:\Program Files\Programy\COMODO\COMODO Internet Security\cavwp.exe[3344] ntdll.dll!NtCreateFile 77C05190 5 Bytes JMP 011C2640 C:\Program Files\Programy\COMODO\COMODO Internet Security\cavwp.exe .text C:\Program Files\Programy\COMODO\COMODO Internet Security\cavwp.exe[3344] ntdll.dll!NtOpenFile 77C058A0 5 Bytes JMP 011C2530 C:\Program Files\Programy\COMODO\COMODO Internet Security\cavwp.exe .text C:\Windows\System32\WUDFHost.exe[3588] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text 
C:\Windows\System32\WUDFHost.exe[3588] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3588] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\svchost.exe[4128] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4128] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text 
C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] 
GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Users\Adrian\Desktop\g5l8fmxb.exe[6192] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] ntdll.dll!NtAlpcSendWaitReceivePort 77C04FE0 5 Bytes JMP 758DB690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] ntdll.dll!NtClose 77C05090 5 Bytes JMP 758E2E50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] ntdll.dll!LdrUnloadDll 77C1C746 7 Bytes JMP 758E2CD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] kernel32.dll!CopyFileExW 7786B490 7 Bytes JMP 758CFBA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] kernel32.dll!MoveFileWithProgressW 77878FE4 5 Bytes JMP 758CEFE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] kernel32.dll!CreateProcessInternalW 778809C2 5 Bytes JMP 758D5520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] kernel32.dll!MoveFileWithProgressA 77894208 5 Bytes JMP 758CECD0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] kernel32.dll!MoveFileTransactedA 778BC506 7 Bytes JMP 758CF210 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] kernel32.dll!MoveFileTransactedW 778BC5A9 7 Bytes JMP 758CF520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] USER32.dll!SetWindowsHookExW 75FBE2D4 5 Bytes JMP 758E3300 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] USER32.dll!SetWinEventHook 75FC24AC 5 Bytes JMP 758E39D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] USER32.dll!SetWindowsHookExA 75FE6CDC 5 Bytes JMP 758E3040 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] GDI32.dll!DeleteDC 75E06EAA 5 Bytes JMP 758D16E0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\AUDIODG.EXE[7584] GDI32.dll!GdiAlphaBlend 75E082F2 5 Bytes JMP 758D1C70 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] GDI32.dll!CreateDCA 75E09BCD 5 Bytes JMP 758D0650 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] GDI32.dll!CreateDCW 75E0C78D 5 Bytes JMP 758D0800 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] GDI32.dll!GetPixel 75E0CE47 5 Bytes JMP 758D17B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] GDI32.dll!GdiTransparentBlt 75E0FA1F 5 Bytes JMP 758D19F0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[7584] ole32.dll!CoCreateInstance 75E99C5B 5 Bytes JMP 758DC2E0 C:\Windows\system32\guard32.dll ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 859781F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{189AE0A5-EC63-4722-98C5-0F879F334207} 872E51F8 Device \Driver\usbuhci \Device\USBPDO-0 8765E1F8 Device \Driver\usbuhci \Device\USBPDO-1 8765E1F8 Device \Driver\usbuhci \Device\USBPDO-2 8765E1F8 Device \Driver\usbuhci \Device\USBPDO-3 8765E1F8 Device \Driver\PCI_PNP4868 \Device\00000054 sptd.sys Device \Driver\usbehci \Device\USBPDO-4 8768B1F8 AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys Device \Driver\cdrom \Device\CdRom0 86B8A1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 859761F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 859761F8 Device \Driver\atapi \Device\Ide\IdePort0 859761F8 Device \Driver\atapi \Device\Ide\IdePort1 859761F8 Device \Driver\atapi \Device\Ide\IdePort2 859761F8 Device \Driver\atapi \Device\Ide\IdePort3 859761F8 Device \Driver\cdrom \Device\CdRom1 86B8A1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 872E51F8 AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys Device \Driver\USBSTOR \Device\0000006a 883EA1F8 Device \Driver\USBSTOR \Device\0000006b 883EA1F8 Device \Driver\USBSTOR \Device\0000006c 883EA1F8 Device 
\Driver\usbuhci \Device\USBFDO-0 8765E1F8 Device \Driver\USBSTOR \Device\0000006d 883EA1F8 Device \Driver\usbuhci \Device\USBFDO-1 8765E1F8 Device \Driver\USBSTOR \Device\0000006e 883EA1F8 Device \Driver\usbuhci \Device\USBFDO-2 8765E1F8 Device \Driver\usbuhci \Device\USBFDO-3 8765E1F8 Device \Driver\usbehci \Device\USBFDO-4 8768B1F8 Device \Driver\a8hstkwb \Device\Scsi\a8hstkwb1 876EA1F8 Device \Driver\a8hstkwb \Device\Scsi\a8hstkwb1Port4Path0Target0Lun0 876EA1F8 Device \FileSystem\cdfs \Cdfs 86D3F1F8 ---- Trace I/O - GMER 2.2 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x859761f8]<< 859761f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867b8500] 867b8500 Trace 3 CLASSPNP.SYS[8bc9659e] -> nt!IofCallDriver -> [0x85984918] 85984918 Trace 5 ACPI.sys[8b4dc3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x866e0908] 866e0908 Trace \Driver\atapi[0x866ddd08] -> IRP_MJ_CREATE -> 0x859761f8 859761f8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Programy\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x15 0xFB 0x22 0xD4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCD 0xF5 0x3C 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x00 0x33 0xDC ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Programy\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x15 0xFB 0x22 0xD4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xCD 0xF5 0x3C 0xAD ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x00 0x33 0xDC ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@D2CF6961 583 ---- EOF - GMER 2.2 ----