GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-24 18:19:03
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000524AS rev.JC4B 931,51GB
Running: gmer.exe; Driver: C:\Users\dom\AppData\Local\Temp\uxriqpow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0x90094FB0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAlpcConnectPort [0x9009519C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0x90094310]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0x90094C16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0x900949CA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0x90095D14]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0x90093CFC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThreadEx [0x900953CA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0x90095746]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0x900945D8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0x90094DF2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0x90094872]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0x90095A32]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0x90094542]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0x9009475E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0x90094112]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0x90093F00]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C3F9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C791C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...]
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82C801EC 4 Bytes [B0, 4F, 09, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C80214 4 Bytes [9C, 51, 09, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82C802A8 4 Bytes JMP 8C0B132F .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82C802C4 4 Bytes [16, 4C, 09, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C8030C 4 Bytes [CA, 49, 09, 90] {RETF 0x949; NOP } .text ... ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[456] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 75271BA0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[456] ntdll.dll!NtReplyWaitReceivePort 77116418 5 Bytes JMP 75271450 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[456] ntdll.dll!NtReplyWaitReceivePortEx 77116428 5 Bytes JMP 752717F0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\Dwm.exe[508] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[508] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[508] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[508] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[508] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[508] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[508] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[508] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text 
C:\Windows\system32\Dwm.exe[508] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[508] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[508] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[508] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!RegisterRawInputDevices 77005B52 5 Bytes JMP 10018F00 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SystemParametersInfoA 770080E0 7 Bytes JMP 1001C690 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SetParent 77008314 5 Bytes JMP 10018980 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!EnableWindow 77008D02 5 Bytes JMP 10017EA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] 
USER32.dll!MoveWindow 77008D29 3 Bytes JMP 10018C20 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!MoveWindow + 4 77008D2D 1 Byte [99] .text C:\Windows\system32\wininit.exe[512] USER32.dll!GetAsyncKeyState 7700A256 5 Bytes JMP 10019120 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!RegisterHotKey 7700AA19 3 Bytes JMP 10018140 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!RegisterHotKey + 4 7700AA1D 1 Byte [99] .text C:\Windows\system32\wininit.exe[512] USER32.dll!PostThreadMessageA 7700AD09 5 Bytes JMP 1001B980 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SendMessageA 7700AD60 5 Bytes JMP 1001B440 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!PostMessageA 7700B446 5 Bytes JMP 1001BEC0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SendNotifyMessageW 7700C88A 5 Bytes JMP 1001A160 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SystemParametersInfoW 7700E09A 7 Bytes JMP 1001C470 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExW 7700E30C 5 Bytes JMP 1001C8B0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SendMessageTimeoutW 7700E459 5 Bytes JMP 1001AC20 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!PostThreadMessageW 7700EEFC 5 Bytes JMP 1001B6E0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SetWinEventHook 770124DC 5 Bytes JMP 1001C160 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!GetKeyState 77012B4D 5 Bytes JMP 100193D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SendMessageCallbackW 77012F7B 5 Bytes JMP 1001A6A0 c:\windows\system32\guard32.dll 
.text C:\Windows\system32\wininit.exe[512] USER32.dll!PostMessageW 7701447B 5 Bytes JMP 1001BC20 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SendMessageW 77015539 5 Bytes JMP 1001B1A0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!GetClipboardData 77022BA7 5 Bytes JMP 10018370 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SendNotifyMessageA 7702493C 5 Bytes JMP 1001A400 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!mouse_event 77026209 5 Bytes JMP 100297C0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SetClipboardViewer 77026FF6 5 Bytes JMP 10018780 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SendDlgItemMessageW 770270D8 5 Bytes JMP 10019C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SendDlgItemMessageA 77027241 5 Bytes JMP 10019EB0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!GetKeyboardState 77036946 5 Bytes JMP 10019680 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!BlockInput 77036A99 5 Bytes JMP 10018580 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExA 77036D0C 5 Bytes JMP 1001CB20 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SendMessageTimeoutA 77036DA9 5 Bytes JMP 1001AEE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!SendInput 77037019 5 Bytes JMP 10019930 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!ExitWindowsEx 770506C7 5 Bytes JMP 10017C90 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] USER32.dll!keybd_event 7705EC3B 5 Bytes JMP 100299D0 c:\windows\system32\guard32.dll .text 
C:\Windows\system32\wininit.exe[512] USER32.dll!SendMessageCallbackA 77063E8B 5 Bytes JMP 1001A960 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] GDI32.dll!BitBlt 769F72C0 5 Bytes JMP 10029530 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] GDI32.dll!MaskBlt 769FC7AD 5 Bytes JMP 10029280 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] GDI32.dll!StretchBlt 769FF467 5 Bytes JMP 10028D50 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] GDI32.dll!PlgBlt 76A10F73 5 Bytes JMP 10028FF0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[512] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 75271BA0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtReplyWaitReceivePort 77116418 5 Bytes JMP 75271450 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtReplyWaitReceivePortEx 77116428 5 Bytes JMP 752717F0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\taskhost.exe[564] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] 
ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[564] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] services.exe 00561608 4 Bytes [20, E2, 01, 10] {AND DL, AH; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[576] services.exe 00561618 4 Bytes [00, DD, 01, 10] {ADD CH, BL; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[576] services.exe 00561638 4 Bytes [40, E5, 01, 10] .text C:\Windows\system32\services.exe[576] services.exe 00561648 4 Bytes [80, DF, 01, 10] .text C:\Windows\system32\services.exe[576] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] 
ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] RPCRT4.dll!RpcServerRegisterIfEx 76B509BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[576] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] kernel32.dll!CreateProcessW 76A5204D 5 Bytes 
JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[612] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] 
GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[620] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] RPCRT4.dll!RpcServerRegisterIfEx 76B509BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[744] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] RPCRT4.dll!RpcServerRegisterIfEx 76B509BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[824] rpcss.dll!CoGetComCatalog 746B35EC 8 Bytes JMP EDF01001 .text C:\Program 
Files\COMODO\COMODO Internet Security\cmdagent.exe[896] ntdll.dll!NtAllocateVirtualMemory 771152D8 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[896] ntdll.dll!NtCreateFile 771155C8 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] 
ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1004] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7713223E 5 
Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] RPCRT4.dll!RpcServerRegisterIfEx 76B509BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] GDI32.dll!GetPixel 769FC3D5 
5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1188] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1204] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 
C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text 
C:\Windows\System32\spoolsv.exe[1400] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1400] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\svchost.exe[1428] RPCRT4.dll!RpcServerRegisterIfEx 76B509BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] 
GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1680] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text 
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1712] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 
Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\servicing\TrustedInstaller.exe[2000] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 
c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2160] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\svchost.exe[2300] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2500] ntdll.dll!NtAllocateVirtualMemory 771152D8 5 Bytes JMP 00780630 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe .text C:\Windows\System32\igfxtray.exe[2508] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 0056B670 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] ntdll.dll!NtClose 771154C8 5 Bytes JMP 0055D120 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 0055D240 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 00567F40 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 00565070 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 00565C00 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 
00563BA0 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 00568D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 00568AE0 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 00569E10 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 00569D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2508] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 005644D0 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 0117B670 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] ntdll.dll!NtClose 771154C8 5 Bytes JMP 0116D120 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 0116D240 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 01177F40 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 01175070 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 01175C00 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 01173BA0 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 01178D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 01178AE0 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 01179E10 c:\windows\system32\guard32.dll .text 
C:\Windows\System32\hkcmd.exe[2516] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 01179D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2516] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 011744D0 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2572] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 
c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2596] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[2636] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 
c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2660] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 
c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[2668] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 
c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2684] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] 
kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3004] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3276] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3276] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3276] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text 
C:\Windows\system32\SearchIndexer.exe[3276] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3276] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3276] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3276] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3284] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3500] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3756] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] ntdll.dll!NtAlpcSendWaitReceivePort 77115418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] ntdll.dll!NtClose 771154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] ntdll.dll!LdrUnloadDll 7712C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] ntdll.dll!LdrLoadDll 7713223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] kernel32.dll!CreateProcessW 76A5204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] kernel32.dll!CreateProcessA 76A52082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] kernel32.dll!CreateProcessAsUserW 76A859FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] GDI32.dll!DeleteDC 769F6EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] GDI32.dll!GetPixel 769FC3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] GDI32.dll!CreateDCA 769FCCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] GDI32.dll!CreateDCW 769FCF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll
.text C:\Windows\system32\wuauclt.exe[4012] ADVAPI32.dll!CreateProcessAsUserA 76C22538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [739524CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7393562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [739356EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73952546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [739485AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73944D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73945105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [739451DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73946707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73948301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73948850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [739490B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7394E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1188] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73944C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060ec1613
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060ec1613 (not active ControlSet)

---- EOF - GMER 2.1 ----