GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-05 00:52:31 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.03.0 465,76GB Running: msygsulj.exe; Driver: C:\Users\General\AppData\Local\Temp\uwliykow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0x9193EFB0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAlpcConnectPort [0x9193F19C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0x9193E310] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0x9193EC16] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0x9193E9CA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0x9193FD14] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0x9193DCFC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThreadEx [0x9193F3CA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0x9193F746] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0x9193E5D8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0x9193EDF2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0x9193E872] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0x9193FA32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0x9193E542] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0x9193E75E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0x9193E112] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0x9193DF00] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E849F5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBE1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82EC541C 4 Bytes [B0, EF, 93, 91] {MOV AL, 0xef; XCHG EBX, EAX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82EC5444 4 Bytes [9C, F1, 93, 91] {PUSHF ; INT1 ; XCHG EBX, EAX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82EC54D8 4 Bytes [10, E3, 93, 91] {ADC BL, AH; XCHG EBX, EAX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82EC54F4 4 Bytes [16, EC, 93, 91] {PUSH SS; IN AL, DX; XCHG EBX, EAX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EC553C 4 Bytes [CA, E9, 93, 91] {RETF 0x93e9; XCHG ECX, EAX} .text ... .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8BD9B346] ---- User code sections - GMER 2.1 ---- .text C:\Windows\Explorer.EXE[440] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\Explorer.EXE[440] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 75191BA0 C:\windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtReplyWaitReceivePort 77146418 5 Bytes JMP 75191450 C:\windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[520] ntdll.dll!NtReplyWaitReceivePortEx 77146428 5 Bytes JMP 751917F0 C:\windows\system32\cmdcsr.dll .text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!RegisterRawInputDevices 75715B52 5 Bytes JMP 10018F00 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SystemParametersInfoA 757180E0 7 Bytes JMP 1001C690 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SetParent 75718314 5 Bytes JMP 10018980 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!EnableWindow 75718D02 5 Bytes JMP 10017EA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!MoveWindow 75718D29 5 Bytes JMP 10018C20 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!GetAsyncKeyState 7571A256 5 Bytes JMP 10019120 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!RegisterHotKey 7571AA19 5 Bytes JMP 10018140 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!PostThreadMessageA 7571AD09 5 Bytes JMP 1001B980 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendMessageA 7571AD60 5 Bytes JMP 1001B440 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!PostMessageA 7571B446 5 Bytes JMP 1001BEC0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendNotifyMessageW 7571C88A 5 Bytes JMP 1001A160 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SystemParametersInfoW 7571E09A 7 Bytes JMP 1001C470 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SetWindowsHookExW 7571E30C 5 Bytes JMP 1001C8B0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendMessageTimeoutW 7571E459 5 Bytes JMP 1001AC20 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!PostThreadMessageW 7571EEFC 5 Bytes JMP 1001B6E0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SetWinEventHook 757224DC 5 Bytes JMP 1001C160 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!GetKeyState 75722B4D 5 Bytes JMP 100193D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendMessageCallbackW 75722F7B 5 Bytes JMP 1001A6A0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!PostMessageW 7572447B 5 Bytes JMP 1001BC20 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendMessageW 75725539 5 Bytes JMP 1001B1A0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!GetClipboardData 75732BA7 5 Bytes JMP 10018370 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendNotifyMessageA 7573493C 5 Bytes JMP 1001A400 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!mouse_event 75736209 5 Bytes JMP 100297C0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SetClipboardViewer 75736FF6 5 Bytes JMP 10018780 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendDlgItemMessageW 757370D8 5 Bytes JMP 10019C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendDlgItemMessageA 75737241 5 Bytes JMP 10019EB0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!GetKeyboardState 75746946 5 Bytes JMP 10019680 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!BlockInput 75746A99 5 Bytes JMP 10018580 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SetWindowsHookExA 75746D0C 5 Bytes JMP 1001CB20 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendMessageTimeoutA 75746DA9 5 Bytes JMP 1001AEE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendInput 75747019 5 Bytes JMP 10019930 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!ExitWindowsEx 757606C7 3 Bytes JMP 10017C90 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!ExitWindowsEx + 4 757606CB 1 Byte [9A] .text C:\Windows\system32\wininit.exe[580] USER32.dll!keybd_event 7576EC3B 3 Bytes JMP 100299D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] USER32.dll!keybd_event + 4 7576EC3F 1 Byte [9A] .text C:\Windows\system32\wininit.exe[580] USER32.dll!SendMessageCallbackA 75773E8B 5 Bytes JMP 1001A960 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] GDI32.dll!BitBlt 764672C0 5 Bytes JMP 10029530 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] GDI32.dll!MaskBlt 7646C7AD 5 Bytes JMP 10029280 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] GDI32.dll!StretchBlt 7646F467 5 Bytes JMP 10028D50 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] GDI32.dll!PlgBlt 76480F73 5 Bytes JMP 10028FF0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\csrss.exe[592] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 75191BA0 C:\windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[592] ntdll.dll!NtReplyWaitReceivePort 77146418 5 Bytes JMP 75191450 C:\windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[592] ntdll.dll!NtReplyWaitReceivePortEx 77146428 5 Bytes JMP 751917F0 C:\windows\system32\cmdcsr.dll .text C:\Windows\system32\svchost.exe[652] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[652] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] services.exe 005D1608 4 Bytes [20, E2, 01, 10] {AND DL, AH; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[660] services.exe 005D1618 4 Bytes [00, DD, 01, 10] {ADD CH, BL; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[660] services.exe 005D1638 4 Bytes [40, E5, 01, 10] .text C:\Windows\system32\services.exe[660] services.exe 005D1648 4 Bytes [80, DF, 01, 10] .text C:\Windows\system32\services.exe[660] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] RPCRT4.dll!RpcServerRegisterIfEx 760909BC 5 Bytes JMP 1001F870 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\services.exe[660] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] RPCRT4.dll!RpcServerRegisterIfEx 760909BC 5 Bytes JMP 1001F870 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[868] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] RPCRT4.dll!RpcServerRegisterIfEx 760909BC 5 Bytes JMP 1001F870 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[936] rpcss.dll!CoGetComCatalog 745235EC 8 Bytes JMP EDF01001 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[952] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Programy\COMODO Internet Security\COMODO\COMODO Internet Security\cmdagent.exe[1008] ntdll.dll!NtAllocateVirtualMemory 771452D8 5 Bytes JMP 00534850 C:\Programy\COMODO Internet Security\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Programy\COMODO Internet Security\COMODO\COMODO Internet Security\cmdagent.exe[1008] ntdll.dll!NtCreateFile 771455C8 5 Bytes JMP 0054ECA0 C:\Programy\COMODO Internet Security\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] RPCRT4.dll!RpcServerRegisterIfEx 760909BC 5 Bytes JMP 1001F870 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\taskhost.exe[1508] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1552] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\System32\spoolsv.exe[1684] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] RPCRT4.dll!RpcServerRegisterIfEx 760909BC 5 Bytes JMP 1001F870 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1712] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\Dwm.exe[1840] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[1964] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\PDF Complete\pdfsvc.exe[2080] advapi32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2268] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\PnkBstrA.exe[2288] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\mspaint.exe[2320] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2340] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2384] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2432] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2524] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[2584] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 80, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtCreateKey + 6 7714560E 4 Bytes [68, 81, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtCreateKey + B 77145613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtCreateMutant + 6 7714564E 4 Bytes [68, 82, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtCreateMutant + B 77145653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtCreateSection + 6 771456EE 4 Bytes [A8, 82, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtCreateSection + B 771456F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 80, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenKey + 6 77145D0E 4 Bytes [A8, 81, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenKey + B 77145D13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenKeyEx + B 77145D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenMutant + 6 77145D5E 4 Bytes [28, 82, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenMutant + B 77145D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [68, 83, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenProcessToken + 6 77145D9E 4 Bytes [A8, 83, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [68, 84, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenSection + B 77145DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [28, 83, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [28, 84, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenThreadTokenEx + 6 77145E2E 4 Bytes [A8, 84, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 80, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtSetInformationFile + 6 7714663E 4 Bytes [28, 81, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [28, 85, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!ActivateKeyboardLayout 75718203 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!ScreenToClient 7571A506 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!RegisterClipboardFormatA 7571C091 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!RegisterClipboardFormatW 7571DF8D 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!SetCursor 75723075 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!MonitorFromWindow 75723622 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!PostMessageW 7572447B 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!IsWindowVisible 75724D69 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetClientRect 757254DD 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!MapWindowPoints 75725CAA 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetParent 75726029 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!EmptyClipboard 7573290C 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!SetClipboardData 75732962 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetClipboardData 75732BA7 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetClipboardFormatNameW 75735FD2 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!SetClipboardViewer 75736FF6 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetClipboardFormatNameA 7573700A 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!ChangeClipboardChain 7574147C 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetTopWindow 757424D9 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!CloseClipboard 7574446C 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!OpenClipboard 7574447E 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!IsClipboardFormatAvailable 757444FF 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetClipboardSequenceNumber 75744513 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetClipboardOwner 75744525 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!CountClipboardFormats 7574470A 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!EnumClipboardFormats 757447EC 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetOpenClipboardWindow 7574480B 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!SetCursorPos 7575C1B0 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetClipboardViewer 75774AF7 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] user32.DLL!GetPriorityClipboardFormat 75774BF9 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!DeleteObject 76465F14 5 Bytes JMP 002A01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SelectObject 76466640 5 Bytes JMP 002A05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SetTextColor 76466906 5 Bytes JMP 002A0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SetBkMode 764669B1 5 Bytes JMP 002A08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetDeviceCaps 76466F7F 5 Bytes JMP 002A03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!ExtSelectClipRgn 76467114 5 Bytes JMP 002A02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SelectClipRgn 76467242 5 Bytes JMP 002A05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SetStretchBltMode 76467705 5 Bytes JMP 002A06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetCurrentObject 76467917 5 Bytes JMP 002A0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetTextMetricsW 76467B8F 5 Bytes JMP 002A0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetTextAlign 76467DAF 5 Bytes JMP 002A0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!IntersectClipRect 76467DFE 5 Bytes JMP 002A03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!ExtTextOutW 76468192 5 Bytes JMP 002A0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SetTextAlign 7646828E 5 Bytes JMP 002A09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetClipBox 76468525 5 Bytes JMP 002A0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!MoveToEx 76468C21 5 Bytes JMP 002A0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!StretchDIBits 7646A53E 5 Bytes JMP 002A0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!RestoreDC 7646A67B 5 Bytes JMP 002A0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SaveDC 7646A74B 5 Bytes JMP 002A0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetTextExtentPoint32W 7646B4B5 5 Bytes JMP 002A0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetTextFaceW 7646B73A 2 Bytes JMP 002A0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetTextFaceW + 3 7646B73D 2 Bytes [E3, 89] {JECXZ 0xffffff8b} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetFontData 7646BCC4 5 Bytes JMP 002A0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SetWorldTransform 7646C90A 5 Bytes JMP 002A06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!CreateICW 7646CFD0 5 Bytes JMP 002A0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetTextMetricsA 7646D0F2 5 Bytes JMP 002A0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!Rectangle 7646F1FF 5 Bytes JMP 002A09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!LineTo 7646F59B 5 Bytes JMP 002A0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SetICMMode 7646FAA4 5 Bytes JMP 002A0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!ExtTextOutA 764703F9 5 Bytes JMP 002A0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetTextExtentPoint32A 764707B0 5 Bytes JMP 002A0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!ExtEscape 76472949 5 Bytes JMP 002A02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!Escape 76473939 5 Bytes JMP 002A0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetTextFaceA 76473E6A 5 Bytes JMP 002A0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SetPolyFillMode 7647D851 5 Bytes JMP 002A0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SetMiterLimit 7647DA0D 5 Bytes JMP 002A0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!EndPage 764800D7 5 Bytes JMP 002A0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!ResetDCW 7648050D 5 Bytes JMP 002A0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!GetGlyphOutlineW 7648C1BA 5 Bytes JMP 002A0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!CreateScalableFontResourceW 7648E817 5 Bytes JMP 002A0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!AddFontResourceW 7648EC13 5 Bytes JMP 002A0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!RemoveFontResourceW 7648F109 5 Bytes JMP 002A0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!AbortDoc 76494C63 5 Bytes JMP 002A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!EndDoc 764950AA 5 Bytes JMP 002A01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!StartPage 76495195 5 Bytes JMP 002A0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!StartDocW 76495BB0 5 Bytes JMP 002A07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!BeginPath 7649635D 5 Bytes JMP 002A0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!SelectClipPath 764963B4 5 Bytes JMP 002A0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!CloseFigure 7649640F 5 Bytes JMP 002A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!EndPath 76496466 5 Bytes JMP 002A0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!StrokePath 76496699 5 Bytes JMP 002A07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!FillPath 76496726 5 Bytes JMP 002A0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!PolylineTo 76496B94 5 Bytes JMP 002A04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!PolyBezierTo 76496C25 5 Bytes JMP 002A04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] GDI32.dll!PolyDraw 76496CD7 5 Bytes JMP 002A08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] advapi32.DLL!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ole32.dll!OleSetClipboard 75F70045 5 Bytes JMP 002C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ole32.dll!OleIsCurrentClipboard 75F736B2 5 Bytes JMP 002C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2704] ole32.dll!OleGetClipboard 75F9FDCD 5 Bytes JMP 002C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[2732] advapi32.DLL!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2756] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2764] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2816] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[3140] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[3268] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\System32\alg.exe[3268] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3492] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 5EADEEB0 C:\Programy\Mozilla Firefox\xul.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 7729941E 7 Bytes JMP 5F0E9778 C:\Programy\Mozilla Firefox\xul.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] kernel32.dll!QueryPerformanceCounter + 13 7729C435 7 Bytes JMP 5F0E979B C:\Programy\Mozilla Firefox\xul.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] kernel32.dll!LoadAppInitDlls + 355 7729F4F6 7 Bytes JMP 5EAE4CE9 C:\Programy\Mozilla Firefox\xul.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] GDI32.dll!GetViewportOrgEx + 26C 7646884B 7 Bytes JMP 5F0E96F9 C:\Programy\Mozilla Firefox\xul.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\firefox.exe[3552] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\windows\WindowsMobile\wmdc.exe[3584] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3608] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Users\General\Desktop\msygsulj.exe[3708] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[3796] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4044] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4160] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4452] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] KERNEL32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] KERNEL32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] KERNEL32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5220] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5320] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[5400] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5440] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] USER32.dll!RegisterMessagePumpHook + 2F1 75718B9E 7 Bytes JMP 5F1BD8D4 C:\Programy\Mozilla Firefox\xul.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] USER32.dll!IsDialogMessageW + 340 75724444 7 Bytes JMP 5F1BD863 C:\Programy\Mozilla Firefox\xul.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] USER32.dll!GetWindowInfo 75724B5E 5 Bytes JMP 5F012A67 C:\Programy\Mozilla Firefox\xul.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] USER32.dll!ToUnicodeEx + 71 75732223 7 Bytes JMP 5F01306A C:\Programy\Mozilla Firefox\xul.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll .text C:\Programy\Mozilla Firefox\plugin-container.exe[5496] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] ntdll.dll!NtAlpcSendWaitReceivePort 77145418 5 Bytes JMP 1002B670 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] ntdll.dll!NtClose 771454C8 5 Bytes JMP 1001D120 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] ntdll.dll!LdrUnloadDll 7715C86E 7 Bytes JMP 1001D240 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 10027F40 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] kernel32.dll!CreateProcessW 7725204D 5 Bytes JMP 10025070 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] kernel32.dll!CreateProcessA 77252082 5 Bytes JMP 10025C00 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] kernel32.dll!CreateProcessAsUserW 772859FF 5 Bytes JMP 10023BA0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] ADVAPI32.dll!CreateProcessAsUserA 758C2538 5 Bytes JMP 100244D0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] GDI32.dll!DeleteDC 76466EAA 5 Bytes JMP 10028D10 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] GDI32.dll!GetPixel 7646C3D5 5 Bytes JMP 10028AE0 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] GDI32.dll!CreateDCA 7646CCA9 5 Bytes JMP 10029E10 C:\windows\System32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5824] GDI32.dll!CreateDCW 7646CF79 5 Bytes JMP 10029D10 C:\windows\System32\guard32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [738024CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [737E562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [737E56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73802546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [737F85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [737F4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [737F5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [737F51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [737F6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [737F8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [737F8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [737F90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [737FE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[440] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [737F4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8571F1F8 Device \FileSystem\fastfat \FatCdrom 858541F8 Device \FileSystem\udfs \UdfsCdRom 874131F8 Device \FileSystem\udfs \UdfsDisk 874131F8 Device \Driver\usbehci \Device\USBPDO-0 876D11F8 Device \Driver\usbehci \Device\USBPDO-1 876D11F8 AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{87296603-9D56-40EF-8E0D-372DD6C7AAB0} 875931F8 Device \Driver\cdrom \Device\CdRom0 874011F8 Device \Driver\iaStor \Device\Ide\iaStor0 [8BEB0360] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BEB0360] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8BEB0360] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\USBSTOR \Device\00000068 87F93430 Device \Driver\NetBT \Device\NetBt_Wins_Export 875931F8 AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys Device \Driver\USBSTOR \Device\0000006b 87F93430 Device \Driver\USBSTOR \Device\0000006c 87F93430 Device \Driver\usbehci \Device\USBFDO-0 876D11F8 Device \Driver\USBSTOR \Device\0000006d 87F93430 Device \Driver\usbehci \Device\USBFDO-1 876D11F8 Device \Driver\USBSTOR \Device\0000006e 87F93430 Device \Driver\USBSTOR \Device\0000006f 87F93430 Device \Driver\USBSTOR \Device\0000007c 87F93430 Device \Driver\USBSTOR \Device\0000007d 87F93430 Device \FileSystem\fastfat \Fat 858541F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0xE3 0xB8 0x23 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4B 0x5F 0x91 0x6D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0xE3 0xB8 0x23 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4B 0x5F 0x91 0x6D ... Reg HKCU\Software\Microsoft\Windows Live\Companion\p_imielinski@hotmail.com@785758cead80b8e90159468e07542d34\r\n 0x45 0x23 0x01 0xDF ... ---- EOF - GMER 2.1 ----