GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-04-20 14:41:37
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000524AS rev.JC4B 931,51GB
Running: gmer.exe; Driver: C:\Users\dom\AppData\Local\Temp\uxriqpow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0x8FCA8FB0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAlpcConnectPort [0x8FCA919C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0x8FCA8310]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0x8FCA8C16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0x8FCA89CA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0x8FCA9D14]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0x8FCA7CFC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThreadEx [0x8FCA93CA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0x8FCA9746]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0x8FCA85D8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0x8FCA8DF2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0x8FCA8872]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0x8FCA9A32]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0x8FCA8542]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0x8FCA875E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0x8FCA8112]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0x8FCA7F00]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C7D9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB71C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...]
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82CBE1EC 4 Bytes [B0, 8F, CA, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82CBE214 4 Bytes [9C, 91, CA, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82CBE2A8 4 Bytes [10, 83, CA, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82CBE2C4 4 Bytes [16, 8C, CA, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CBE30C 4 Bytes [CA, 89, CA, 8F] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[452] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 74F71BA0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[452] ntdll.dll!NtReplyWaitReceivePort 76E16418 5 Bytes JMP 74F71450 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[452] ntdll.dll!NtReplyWaitReceivePortEx 76E16428 5 Bytes JMP 74F717F0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\wininit.exe[508] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!RegisterRawInputDevices 76BC5B52 5 Bytes JMP 10018F00 c:\windows\system32\guard32.dll 
.text C:\Windows\system32\wininit.exe[508] USER32.dll!SystemParametersInfoA 76BC80E0 7 Bytes JMP 1001C690 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SetParent 76BC8314 5 Bytes JMP 10018980 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!EnableWindow 76BC8D02 5 Bytes JMP 10017EA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!MoveWindow 76BC8D29 5 Bytes JMP 10018C20 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!GetAsyncKeyState 76BCA256 5 Bytes JMP 10019120 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!RegisterHotKey 76BCAA19 5 Bytes JMP 10018140 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!PostThreadMessageA 76BCAD09 5 Bytes JMP 1001B980 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendMessageA 76BCAD60 5 Bytes JMP 1001B440 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!PostMessageA 76BCB446 5 Bytes JMP 1001BEC0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendNotifyMessageW 76BCC88A 5 Bytes JMP 1001A160 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SystemParametersInfoW 76BCE09A 7 Bytes JMP 1001C470 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SetWindowsHookExW 76BCE30C 5 Bytes JMP 1001C8B0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendMessageTimeoutW 76BCE459 5 Bytes JMP 1001AC20 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!PostThreadMessageW 76BCEEFC 5 Bytes JMP 1001B6E0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SetWinEventHook 76BD24DC 5 Bytes JMP 1001C160 c:\windows\system32\guard32.dll .text 
C:\Windows\system32\wininit.exe[508] USER32.dll!GetKeyState 76BD2B4D 5 Bytes JMP 100193D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendMessageCallbackW 76BD2F7B 5 Bytes JMP 1001A6A0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!PostMessageW 76BD447B 5 Bytes JMP 1001BC20 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendMessageW 76BD5539 5 Bytes JMP 1001B1A0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!GetClipboardData 76BE2BA7 5 Bytes JMP 10018370 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendNotifyMessageA 76BE493C 5 Bytes JMP 1001A400 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!mouse_event 76BE6209 5 Bytes JMP 100297C0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SetClipboardViewer 76BE6FF6 5 Bytes JMP 10018780 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendDlgItemMessageW 76BE70D8 5 Bytes JMP 10019C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendDlgItemMessageA 76BE7241 5 Bytes JMP 10019EB0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!GetKeyboardState 76BF6946 5 Bytes JMP 10019680 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!BlockInput 76BF6A99 5 Bytes JMP 10018580 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SetWindowsHookExA 76BF6D0C 5 Bytes JMP 1001CB20 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendMessageTimeoutA 76BF6DA9 5 Bytes JMP 1001AEE0 
c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendInput 76BF7019 5 Bytes JMP 10019930 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!ExitWindowsEx 76C106C7 5 Bytes JMP 10017C90 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!keybd_event 76C1EC3B 5 Bytes JMP 100299D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] USER32.dll!SendMessageCallbackA 76C23E8B 5 Bytes JMP 1001A960 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] GDI32.dll!BitBlt 75C972C0 5 Bytes JMP 10029530 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] GDI32.dll!MaskBlt 75C9C7AD 5 Bytes JMP 10029280 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] GDI32.dll!StretchBlt 75C9F467 5 Bytes JMP 10028D50 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] GDI32.dll!PlgBlt 75CB0F73 5 Bytes JMP 10028FF0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[508] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\csrss.exe[516] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 74F71BA0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[516] ntdll.dll!NtReplyWaitReceivePort 76E16418 5 Bytes JMP 74F71450 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[516] 
ntdll.dll!NtReplyWaitReceivePortEx 76E16428 5 Bytes JMP 74F717F0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\services.exe[588] services.exe 00C61608 4 Bytes [20, E2, 01, 10] {AND DL, AH; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[588] services.exe 00C61618 4 Bytes [00, DD, 01, 10] {ADD CH, BL; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[588] services.exe 00C61638 4 Bytes [40, E5, 01, 10] .text C:\Windows\system32\services.exe[588] services.exe 00C61648 4 Bytes [80, DF, 01, 10] .text C:\Windows\system32\services.exe[588] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] RPCRT4.dll!RpcServerRegisterIfEx 754409BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\services.exe[588] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\services.exe[588] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[588] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[596] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\lsass.exe[624] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[624] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[624] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[624] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[624] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[624] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[624] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[624] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\lsass.exe[624] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[624] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[624] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\lsass.exe[624] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[624] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\lsm.exe[632] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] ntdll.dll!NtAlpcSendWaitReceivePort 
76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] RPCRT4.dll!RpcServerRegisterIfEx 754409BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[732] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[732] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 
1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] RPCRT4.dll!RpcServerRegisterIfEx 754409BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[812] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[812] rpcss.dll!CoGetComCatalog 741735EC 8 Bytes JMP EDF01001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[856] ntdll.dll!NtAllocateVirtualMemory 76E152D8 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet 
Security\cmdagent.exe[856] ntdll.dll!NtCreateFile 76E155C8 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[856] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[932] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes 
JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\System32\svchost.exe[980] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[980] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 
C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\System32\svchost.exe[1020] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] RPCRT4.dll!RpcServerRegisterIfEx 754409BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[1064] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 
10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[1180] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes 
JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\System32\spoolsv.exe[1464] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1464] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] RPCRT4.dll!RpcServerRegisterIfEx 754409BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes 
JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[1540] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1540] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Program 
Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\schtasks.exe[1724] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text 
C:\Windows\system32\schtasks.exe[1724] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\schtasks.exe[1724] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1740] 
USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\conhost.exe[1740] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] 
GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1768] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[1876] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1876] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchProtocolHost.exe[2128] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[2140] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 
C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\dom\Downloads\gmer.exe[2188] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 
c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[2376] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\taskhost.exe[2376] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll 
.text C:\Windows\system32\Dwm.exe[2452] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[2452] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\Dwm.exe[2452] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\AUDIODG.EXE[2512] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[2512] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[2756] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 
1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchFilterHost.exe[2824] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2884] ntdll.dll!NtAllocateVirtualMemory 76E152D8 5 Bytes JMP 00780630 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2884] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\System32\igfxtray.exe[2916] 
ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 0056B670 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 0055D120 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 0055D240 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 00567F40 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 00565070 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 00565C00 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 00563BA0 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\System32\igfxtray.exe[2916] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 00568D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 00568AE0 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 00569E10 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 00569D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\igfxtray.exe[2916] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 005644D0 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 0022B670 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 0021D120 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] 
ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 0021D240 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 00227F40 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 00225070 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 00225C00 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 00223BA0 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\System32\hkcmd.exe[2928] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 00228D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 00228AE0 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 00229E10 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 00229D10 c:\windows\system32\guard32.dll .text C:\Windows\System32\hkcmd.exe[2928] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 002244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text 
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3028] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program 
Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3044] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] 
ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3064] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 
c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3128] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program 
Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe[3228] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program 
Files\uTorrent\uTorrent.exe[3276] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\uTorrent\uTorrent.exe[3276] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft 
Office\Office12\ONENOTEM.EXE[3320] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3320] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text 
C:\Windows\system32\wuauclt.exe[3544] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[3544] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\wuauclt.exe[3544] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 
c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\SearchIndexer.exe[3728] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[3728] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] kernel32.dll!CreateProcessW 75CE204D 5 Bytes 
JMP 10025070 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] kernel32.dll!CreateProcessA 75CE2082 5 Bytes JMP 10025C00 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 c:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3836] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 c:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] ntdll.dll!NtAlpcSendWaitReceivePort 76E15418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] ntdll.dll!NtClose 76E154C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] ntdll.dll!LdrUnloadDll 76E2C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] ntdll.dll!LdrLoadDll 76E3223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] kernel32.dll!CreateProcessW 75CE204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] kernel32.dll!CreateProcessA 
75CE2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] kernel32.dll!CreateProcessAsUserW 75D159FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] USER32.dll!DialogBoxParamW 76BE3B9B 5 Bytes JMP 74CD4620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[3948] GDI32.dll!DeleteDC 75C96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] GDI32.dll!GetPixel 75C9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] GDI32.dll!CreateDCA 75C9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] GDI32.dll!CreateDCW 75C9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3948] ADVAPI32.dll!CreateProcessAsUserA 75332538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteFile] [74CD9D20] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryInformationFile] [74CD9440] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtSetInformationFile] [74CD9D70] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteKey] [74CDDD50] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtOpenKey] [74CDDC10] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtEnumerateKey] 
[74CDD9E0] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteValueKey] [74CDDDA0] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtSetValueKey] [74CDDB30] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryValueKey] [74CDDAC0] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtCreateKey] [74CDDBA0] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtOpenFile] [74CD9BC0] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryKey] [74CD9400] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\services.exe[588] @ C:\Windows\system32\services.exe [ntdll.dll!NtClose] [74CDDCD0] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\winlogon.exe[596] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtClose] [74CDDCD0] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\system32\winlogon.exe[596] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [74CD9A50] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [74CD9A50] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [74CD9A00] c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [ntdll.dll!NtClose] [74CDDCD0] 
c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [731824CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7316562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [731656EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73182546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [731785AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73174D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73175105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [731751DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73176707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll 
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73178301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73178850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [731790B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7317E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73174C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060ec1613 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060ec1613 (not active ControlSet) ---- EOF - GMER 2.1 ----