GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-08 17:38:41 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_SP1604N rev.TM100-24 149,05GB Running: kbsezxsx.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\ffxcapow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xF5771824] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xF5770DD0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xF577148A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xF5772062] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xF5773C26] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xF5773FA4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xF57707BC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xF5771A10] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xF5771C18] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xF57705C2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xF5772830] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xF5772A86] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xF5773658] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xF5771098] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xF5771666] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xF5772052] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xF57701F0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xF5771332] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xF57703F4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xF5772C94] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xF57730E8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xF5772EA6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xF57725C8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xF5771E76] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xF5773944] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xF5772330] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xF5771002] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xF577121E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xF5770BD2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xF57709C0] ---- Kernel code sections - GMER 2.1 ---- init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7554392] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\alg.exe[660] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\System32\alg.exe[660] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00710001 .text C:\WINDOWS\System32\alg.exe[660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 71880F5A .text C:\WINDOWS\System32\alg.exe[660] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[660] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 719D0F5A .text C:\WINDOWS\System32\alg.exe[660] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719A0F5A .text C:\WINDOWS\System32\alg.exe[660] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 718B0F5A .text C:\WINDOWS\System32\alg.exe[660] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\System32\alg.exe[660] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71940F5A .text C:\WINDOWS\System32\alg.exe[660] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\System32\alg.exe[660] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 71970F5A .text C:\WINDOWS\System32\alg.exe[660] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 718E0F5A .text C:\WINDOWS\System32\alg.exe[660] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71910F5A .text C:\WINDOWS\System32\alg.exe[660] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71850F5A .text C:\WINDOWS\system32\csrss.exe[836] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\csrss.exe[836] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015F0001 .text C:\WINDOWS\system32\winlogon.exe[864] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718B0F5A .text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A00F5A .text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719D0F5A .text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 718E0F5A .text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A30F5A .text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71970F5A .text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719A0F5A .text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71910F5A .text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71940F5A .text C:\WINDOWS\system32\winlogon.exe[864] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71880F5A .text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001 .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001 .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718B0F5A .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A00F5A .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719D0F5A .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 718E0F5A .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A30F5A .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71970F5A .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719A0F5A .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71910F5A .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71940F5A .text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71880F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 0094D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [04, 84] {ADD AL, 0x84} .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 0095BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 0095B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00957DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0094D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01030001 .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00954F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00955AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00953A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00954390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00958BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00958990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00959CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[928] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00959BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 0094D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [04, 84] {ADD AL, 0x84} .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 0095BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 0095B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00957DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0094D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01500001 .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00954F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00955AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00953A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00954390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00958BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00958990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00959CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[1012] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00959BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01490001 .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718C0F5A .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A10F5A .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719E0F5A .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 718F0F5A .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A70F5A .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71980F5A .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AF0F5A .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719B0F5A .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71920F5A .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71950F5A .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1048] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71890F5A .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E60001 .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F30001 .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 71880F5A .text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1168] rpcss.dll!WhichService 76A63C84 8 Bytes JMP ED501001 .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 719D0F5A .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719A0F5A .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 718B0F5A .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71940F5A .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 71970F5A .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 718E0F5A .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71910F5A .text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71850F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01C70001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718B0F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A00F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719D0F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 718E0F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A30F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71970F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719A0F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71910F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71940F5A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71880F5A .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 023A0001 .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 71860F5A .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 719B0F5A .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 71980F5A .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71890F5A .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!send 71A54C27 6 Bytes JMP 719E0F5A .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71920F5A .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 71950F5A .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 718C0F5A .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 718F0F5A .text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71830F5A .text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW + C4 7C801BB9 2 Bytes CALL 00810001 .text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW + C7 7C801BBC 1 Byte [84] .text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001 .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001 .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1472] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\WINDOWS\system32\ctfmon.exe[1472] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01020001 .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718A0F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] advapi32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] advapi32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 719F0F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719C0F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 718D0F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A20F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71960F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 71990F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71900F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71930F5A .text F:\Advanced SystemCare 3\Sup_SmartRAM.exe[1476] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71870F5A .text C:\WINDOWS\Explorer.EXE[1568] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\Explorer.EXE[1568] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BD0001 .text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\WINDOWS\Explorer.EXE[1568] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\spoolsv.exe[1676] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001 .text C:\WINDOWS\system32\spoolsv.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1676] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\WINDOWS\system32\spoolsv.exe[1676] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01050001 .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] KERNEL32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe[1752] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C60001 .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718C0F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] kernel32.dll!CreateRemoteThread + 174 7C810630 4 Bytes JMP 71AF0000 .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A10F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719E0F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 718F0F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A70F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71980F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AD0F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719B0F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71920F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71950F5A .text C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys[1792] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71890F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001 .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys[1812] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 00BCD080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [2C, 84] {SUB AL, 0x84} .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 00BDBB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 00BDB860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BD7DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00BCD1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012B0001 .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD4F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD5AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00BD3A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00BD4390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00BD8BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00BD8990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00BD9CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1856] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00BD9BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 006AD080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [DA, 83] .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 006BBB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 006BB860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006B7DF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 006AD1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00750001 .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006B4F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006B5AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 006B3A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 3 Bytes JMP 006B4390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] ADVAPI32.dll!CreateProcessAsUserA + 4 77E00C84 1 Byte [88] .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 006B8BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 006B8990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 006B9CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[1896] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 006B9BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\nvsvc32.exe[1920] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00820001 .text C:\WINDOWS\system32\nvsvc32.exe[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\WINDOWS\system32\nvsvc32.exe[1920] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1920] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\WINDOWS\system32\nvsvc32.exe[1920] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\WINDOWS\system32\nvsvc32.exe[1920] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\WINDOWS\system32\nvsvc32.exe[1920] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\system32\nvsvc32.exe[1920] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\WINDOWS\system32\nvsvc32.exe[1920] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\nvsvc32.exe[1920] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\WINDOWS\system32\nvsvc32.exe[1920] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\WINDOWS\system32\nvsvc32.exe[1920] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\WINDOWS\system32\nvsvc32.exe[1920] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!LoadLibraryExW + C4 7C801BB9 2 Bytes CALL 00810001 .text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!LoadLibraryExW + C7 7C801BBC 1 Byte [84] .text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\wdfmgr.exe[2012] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00620001 .text C:\WINDOWS\system32\wdfmgr.exe[2012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wdfmgr.exe[2012] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\WINDOWS\system32\wdfmgr.exe[2012] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 009DD080 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [0D, 84] .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 009EBB80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 009EB860 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009E7DF0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009DD1A0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A70001 .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009E4F30 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009E5AC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718D0F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A20F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719F0F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 71900F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A80F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71990F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719C0F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71930F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71960F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 718A0F5A .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 009E3A60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 009E4390 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 009E8BC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 009E8990 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 009E9CC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Admin\Pulpit\kbsezxsx.exe[2584] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 009E9BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtClose 7C90CFD0 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtClose + 3 7C90CFD3 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002AE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002AE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002A430 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002A3E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002ADE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 1002A6F0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002A480 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01669720 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!VirtualAlloc 7C809AE1 5 Bytes JMP 0189E21B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!GetQueuedCompletionStatus 7C80A7AD 6 Bytes JMP 718C0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!MapViewOfFile 7C80B995 5 Bytes JMP 0189E1F4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] GDI32.dll!CreateDIBSection 77F19E09 5 Bytes JMP 0189E17E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 71A10F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 719E0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] WS2_32.dll!WSAIoctl 71A53EC0 6 Bytes JMP 718F0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] WS2_32.dll!send 71A54C27 6 Bytes JMP 71A70F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 71980F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] WS2_32.dll!recv 71A5676F 6 Bytes JMP 71AE0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 719B0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 71920F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 71950F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[3300] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 6 Bytes JMP 71890F5A ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Ip networx.sys Device \Driver\CucusoftBandwidthGuard2000 \Device\CucusoftBandwidthGuard2000 CS32.sys AttachedDevice \Driver\Tcpip \Device\Tcp networx.sys AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Udp networx.sys AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\RawIp networx.sys ---- EOF - GMER 2.1 ----