GMER 2.1.19322 - http://www.gmer.net Rootkit scan 2014-01-17 16:10:42 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD5000AUDX-63WNHY0 rev.01.01A01 465,76GB Running: gmer.exe; Driver: D:\DOCUME~1\smo\USTAWI~1\Temp\pfldqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xABF5B7E4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xABF5AD90] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xABF5B44A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xABF5C040] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xABF5DC20] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xABF5DF9E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xABF5A77C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xABF5B9D0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xABF5BBE8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xABF5A582] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xABF5C82A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xABF5CA80] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xABF5D652] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xABF5B058] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xABF5B626] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xABF5C030] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xABF5A1B0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xABF5B2F2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xABF5A3B4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xABF5CC8E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xABF5D0E2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xABF5CEA0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xABF5C5B2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xABF5BE54] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xABF5D93E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xABF5C30A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xABF5AFC2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xABF5B1DE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xABF5AB92] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xABF5A980] INT 0x62 ? 8ABD1CB8 INT 0x63 ? 8ABD1CB8 INT 0x82 ? 8ABD1CB8 INT 0x83 ? 8A9F5CB8 INT 0x83 ? 8A9F5CB8 INT 0x83 ? 8A9F5CB8 INT 0xA4 ? 8A9F5CB8 INT 0xB4 ? 8A9F5CB8 Code B86EAC9C ZwRequestPort Code B86EAD3C ZwRequestWaitReplyPort Code B86EABFC ZwTraceEvent Code B86EAC9B NtRequestPort Code B86EAD3B NtRequestWaitReplyPort Code B86EABFB NtTraceEvent ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2CD4 8082D570 4 Bytes CALL CB2ECB30 .text ntkrnlpa.exe!NtTraceEvent 8085E118 5 Bytes JMP B86EAC00 PAGE ntkrnlpa.exe!NtRequestPort 808CBA3C 5 Bytes JMP B86EACA0 PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 808CBD68 5 Bytes JMP B86EAD40 .text sptd.sys B7E92000 28 Bytes [30, F8, A0, 80, A6, 4B, A1, ...] .text sptd.sys B7E9201D 3 Bytes [F9, A0, 80] .text sptd.sys B7E92024 28 Bytes [9A, E2, 85, 80, 68, 49, 87, ...] .text sptd.sys B7E92041 172 Bytes [F2, 86, 80, 04, 7C, 92, 80, ...] .text sptd.sys B7E920EE 54 Bytes [86, 80, 70, 29, 86, 80, 20, ...] .text ... .sptd2 D:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F3C9E3] ? D:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB2807380, 0x550AF5, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text D:\WINDOWS\system32\services.exe[296] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] RPCRT4.dll!RpcServerRegisterIfEx 77E8E04B 5 Bytes JMP 1001F870 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\services.exe[296] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00C4D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00C5BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00C5B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00C57F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00C4D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C55070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C55C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00C53BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00C544D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00C58D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00C58AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00C59E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\PLUGINS\Media\WinMerge\WinMergeU.exe[304] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00C59D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\lsass.exe[308] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 01DCD120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 01DDBCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 01DDB9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 01DD7F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 01DCD240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01DD5070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01DD5C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 01DD8D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 01DD8AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 01DD9E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 01DD9D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 01DD3BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-hostd.exe[348] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 01DD44D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[384] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00534850 D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0054ECA0 D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text D:\Program Files\Copy Handler\ch.exe[412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0099D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 009ABCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 009AB9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 009A7F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0099D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A5070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A5C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 009A3BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 009A44D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 009A8D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 009A8AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 009A9E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Copy Handler\ch.exe[412] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 009A9D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\nvsvc32.exe[520] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] RPCRT4.dll!RpcServerRegisterIfEx 77E8E04B 5 Bytes JMP 1001F870 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[576] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] RPCRT4.dll!RpcServerRegisterIfEx 77E8E04B 5 Bytes JMP 1001F870 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[620] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] RPCRT4.dll!RpcServerRegisterIfEx 77E8E04B 5 Bytes JMP 1001F870 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[684] rpcss.dll!WhichService 76A64234 8 Bytes JMP EDF01001 .text D:\Program Files\Sandboxie\SbieSvc.exe[724] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieSvc.exe[724] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0091D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0092BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0092B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00927F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] ntdll.dll!LdrUnloadDll 7C916C9B 3 Bytes JMP 0091D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] ntdll.dll!LdrUnloadDll + 4 7C916C9F 1 Byte [84] .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00925070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00925C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00923BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 009244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00928D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00928AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00929E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1012] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00929D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodtray.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Desktop Sidebar\dsidebar.exe[1124] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] advapi32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] advapi32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanTray.exe[1132] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\Explorer.EXE[1152] SHELL32.dll!SHFileOperationW 7CA7093C 5 Bytes JMP 02141102 D:\Program Files\Unlocker\UnlockerHook.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] advapi32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\totalcmd.exe[1228] advapi32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiprvse.exe[1240] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Sandboxie\SbieCtrl.exe[1256] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Moje dokumenty\PowerMenu 1.5.1\PowerMenu.exe[1264] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe[1292] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Free Download Manager\fdm.exe[1320] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Unlocker\UnlockerAssistant.exe[1348] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Vista Drive Icon\DrvIcon.exe[1352] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\A4Tech\Mouse\Amoumain.exe[1376] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003CD120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 003DBCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 003DB9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003D7F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003CD240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003D5070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003D5C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 003D3BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 003D44D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003D8D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 003D8AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003D9E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe[1380] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003D9D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\RUNDLL32.EXE[1388] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes JMP 004314E0 D:\Program Files\PeerBlock\peerblock.exe .text D:\Program Files\PeerBlock\peerblock.exe[1412] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\PeerBlock\peerblock.exe[1412] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\CTHELPER.EXE[1424] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Opera\opera.exe[1460] WS2_32.dll!send 71A54C27 5 Bytes JMP 00BE3A60 D:\Program Files\Free Download Manager\flvsniff.dll .text D:\Program Files\Opera\opera.exe[1460] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 00BE3CC0 D:\Program Files\Free Download Manager\flvsniff.dll .text D:\Program Files\Opera\opera.exe[1460] WS2_32.dll!recv 71A5676F 5 Bytes JMP 00BE3C20 D:\Program Files\Free Download Manager\flvsniff.dll .text D:\Program Files\Opera\opera.exe[1460] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 00BE3B00 D:\Program Files\Free Download Manager\flvsniff.dll .text D:\Program Files\Opera\opera.exe[1460] WS2_32.dll!WSAGetOverlappedResult 71A60D1B 5 Bytes JMP 00BE47C0 D:\Program Files\Free Download Manager\flvsniff.dll .text D:\Program Files\Opera\opera.exe[1460] WININET.dll!InternetReadFile 3FD0654B 5 Bytes JMP 00BE3E00 D:\Program Files\Free Download Manager\flvsniff.dll .text D:\Program Files\Opera\opera.exe[1460] WININET.dll!InternetCloseHandle 3FD09088 5 Bytes JMP 00BE3E50 D:\Program Files\Free Download Manager\flvsniff.dll .text D:\Program Files\Opera\opera.exe[1460] WININET.dll!HttpSendRequestW 3FD0FABE 5 Bytes JMP 00BE3EB0 D:\Program Files\Free Download Manager\flvsniff.dll .text D:\Program Files\Opera\opera.exe[1460] WININET.dll!HttpSendRequestA 3FD1EE89 5 Bytes JMP 00BE3E70 D:\Program Files\Free Download Manager\flvsniff.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Java\jre6\bin\jqs.exe[1476] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\CTXFIHLP.EXE[1496] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003BD120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 003CBCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 003CB9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003C7F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003BD240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003C8D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 003C8AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003C9E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003C9D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] advapi32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 003C3BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\XimSoft\RAM Kontroler\RAMKontroler.exe[1628] advapi32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 003C44D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] advapi32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] advapi32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\TC UP\TC UP.exe[1656] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeter.exe[1684] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[1796] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00780630 D:\Program Files\COMODO\COMODO Internet Security\cfp.exe .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\SYSTEM32\CTXFISPI.EXE[1848] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnetdhcp.exe[1908] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\spoolsv.exe[1976] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\csrss.exe[1996] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 D:\WINDOWS\system32\cmdcsr.dll .text D:\WINDOWS\system32\csrss.exe[1996] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 D:\WINDOWS\system32\cmdcsr.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\wbem\wmiapsrv.exe[2252] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2324] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\svchost.exe[2344] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2360] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] advapi32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] advapi32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Cacheman\CachemanServ.exe[2548] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\DU Meter\DUMeterSvc.exe[2648] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A0D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00A1BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00A1B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00A17F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00A0D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A15070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A15C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00A13BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00A144D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00A18D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00A18AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00A19E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\VMware\VMware Workstation\vmware-authd.exe[2704] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00A19D10 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Documents and Settings\smo\Pulpit\gmer.exe[2732] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\msdtc.exe[2964] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2968] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 008A7190 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] kernel32.dll!DeviceIoControl 7C801629 7 Bytes JMP 008A7130 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] kernel32.dll!CreateFileA 7C801A28 2 Bytes JMP 008A6F40 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] kernel32.dll!CreateFileA + 3 7C801A2B 2 Bytes [0A, 84] .text D:\Program Files\MPC-BE\mpc-be.exe[3176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A6F50 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] kernel32.dll!IsDebuggerPresent 7C813133 6 Bytes JMP 00E498B0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00821D90 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegCloseKey 77DC6C27 5 Bytes JMP 00821AE0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 5 Bytes JMP 00821EA0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00821B50 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00821D60 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00821DC0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 5 Bytes JMP 00821E70 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegEnumKeyExW 77DC7BD9 5 Bytes JMP 00821C80 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegEnumValueW 77DC7EED 5 Bytes JMP 00821CE0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegSetValueExW 77DCD767 7 Bytes JMP 00821F60 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegQueryValueW 77DCD87A 5 Bytes JMP 00821ED0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00821B30 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegSetValueExA 77DCEAE7 7 Bytes JMP 00821F30 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegDeleteValueA 77DCECE5 5 Bytes JMP 00821BF0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegDeleteValueW 77DCEDF1 5 Bytes JMP 00821C20 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00821D40 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 5 Bytes JMP 00821B90 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegQueryInfoKeyA 77DD4332 5 Bytes JMP 00821DE0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegQueryInfoKeyW 77DD49CE 5 Bytes JMP 00821E10 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegEnumKeyExA 77DD51B6 5 Bytes JMP 00821C50 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegDeleteKeyW 77DD559B 5 Bytes JMP 00821BC0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegFlushKey 77DE4CE0 5 Bytes JMP 00821D10 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegEnumValueA 77DE9BBF 5 Bytes JMP 00821CB0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00821B70 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegQueryValueA 77DEBB8D 5 Bytes JMP 00821E40 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00821B10 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegSetValueA 77DEC79E 5 Bytes JMP 00821F00 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ADVAPI32.dll!RegSetValueW 77E26116 5 Bytes JMP 00821F90 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\MPC-BE\mpc-be.exe[3176] USER32.dll!ChangeDisplaySettingsExA 7E37A2DA 5 Bytes JMP 008A6EE0 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] USER32.dll!ChangeDisplaySettingsExW 7E3A950D 5 Bytes JMP 008A6F10 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\MPC-BE\mpc-be.exe[3176] ole32.dll!CoCreateInstance 774F057E 5 Bytes JMP 00821850 D:\Program Files\MPC-BE\mpc-be.exe .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes JMP 00401C50 D:\Program Files\OO Software\Defrag\oodag.exe .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\OO Software\Defrag\oodag.exe[3396] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\vmnat.exe[3608] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\WINDOWS\system32\dllhost.exe[3848] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe[3860] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006AD120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 006BBCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 006BB9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 006B7F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 006AD240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006B5070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006B5C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 006B3BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 3 Bytes JMP 006B44D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] ADVAPI32.dll!CreateProcessAsUserA + 4 77E00CEC 1 Byte [88] .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 006B8D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 006B8AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 006B9E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe[4056] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 006B9D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001D120 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BCD0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B9B0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10027F40 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001D240 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023BA0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 100244D0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028AE0 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029E10 D:\WINDOWS\system32\guard32.dll .text D:\Program Files\Raxco\PerfectDisk\PDAgent.exe[4092] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029D10 D:\WINDOWS\system32\guard32.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8AC031E8 Device \FileSystem\Fastfat \FatCdrom 880FA1E8 Device \Driver\usbhub \Device\0000009b hcmon.sys Device \Driver\usbhub \Device\0000009c hcmon.sys AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys Device \Driver\usbhub \Device\0000009d hcmon.sys Device \Driver\usbhub \Device\0000009e hcmon.sys Device \Driver\usbhub \Device\0000009f hcmon.sys Device \Driver\usbohci \Device\USBPDO-0 8A9F41E8 Device \Driver\usbohci \Device\USBPDO-0 hcmon.sys Device \Driver\usbohci \Device\USBPDO-1 8A9F41E8 Device \Driver\usbohci \Device\USBPDO-1 hcmon.sys Device \Driver\usbehci \Device\USBPDO-2 8A9DC1E8 Device \Driver\usbehci \Device\USBPDO-2 hcmon.sys Device \Driver\usbohci \Device\USBPDO-3 8A9F41E8 Device \Driver\usbohci \Device\USBPDO-3 hcmon.sys Device \Driver\usbohci \Device\USBPDO-4 8A9F41E8 Device \Driver\usbohci \Device\USBPDO-4 hcmon.sys Device \Driver\usbhub \Device\000000a0 hcmon.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{371DB25A-D106-40EE-B8FD-33D26EC4A4B3} 8892F1E8 AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys Device \Driver\usbehci \Device\USBPDO-5 8A9DC1E8 Device \Driver\usbehci \Device\USBPDO-5 hcmon.sys Device \Driver\usbhub \Device\000000a1 hcmon.sys Device \Driver\usbohci \Device\USBPDO-6 8A9F41E8 Device \Driver\usbohci \Device\USBPDO-6 hcmon.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{23DAB09F-926F-4F69-8877-692749D5754E} 8892F1E8 Device \Driver\Cdrom \Device\CdRom0 8A9F91E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{540E9A6D-7128-4DE6-8EFD-C38726DC4613} 8892F1E8 Device \Driver\Cdrom \Device\CdRom1 8A9F91E8 Device \Driver\atapi \Device\Ide\IdePort0 [B7DE6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7DE6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7DE6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7DE6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7DE6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7DE6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-2b [B7DE6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [B7DE6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-36 [B7DE6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [B7DE6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 8892F1E8 Device \Driver\NetBT \Device\NetbiosSmb 8892F1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{58777A3A-0048-418A-8243-C1DF9B6DB28A} 8892F1E8 AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys Device \Driver\nusb3xhc \Device\00000097 hcmon.sys Device \Driver\nusb3xhc \Device\00000099 hcmon.sys Device \Driver\usbohci \Device\USBFDO-0 8A9F41E8 Device \Driver\usbohci \Device\USBFDO-0 hcmon.sys Device \Driver\usbohci \Device\USBFDO-1 8A9F41E8 Device \Driver\usbohci \Device\USBFDO-1 hcmon.sys Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 888AD1E8 Device \Driver\usbehci \Device\USBFDO-2 8A9DC1E8 Device \Driver\usbehci \Device\USBFDO-2 hcmon.sys Device \FileSystem\MRxSmb \Device\LanmanRedirector 888AD1E8 Device \Driver\usbohci \Device\USBFDO-3 8A9F41E8 Device \Driver\usbohci \Device\USBFDO-3 hcmon.sys Device \Driver\usbohci \Device\USBFDO-4 8A9F41E8 Device \Driver\usbohci \Device\USBFDO-4 hcmon.sys Device \Driver\usbehci \Device\USBFDO-5 8A9DC1E8 Device \Driver\usbehci \Device\USBFDO-5 hcmon.sys Device \Driver\usbohci \Device\USBFDO-6 8A9F41E8 Device \Driver\usbohci \Device\USBFDO-6 hcmon.sys Device \Driver\nusb3hub \Device\0000009a hcmon.sys Device \FileSystem\Fastfat \Fat 880FA1E8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys Device \FileSystem\Cdfs \Cdfs 887761E8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA091064-AC2E-5F33-3D5C-EB1C77878861} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA091064-AC2E-5F33-3D5C-EB1C77878861}@jacihgopakiadcheopgg 0x62 0x61 0x62 0x67 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA091064-AC2E-5F33-3D5C-EB1C77878861}@jacihgopakiadcheopkg 0x62 0x61 0x61 0x67 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA091064-AC2E-5F33-3D5C-EB1C77878861}@iachhafjmdeephlhcp 0x6B 0x61 0x64 0x67 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA091064-AC2E-5F33-3D5C-EB1C77878861}@hamhnccjfnhefjkm 0x6B 0x61 0x64 0x67 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FB5E49C8-3BF3-B13B-179A-20C354DDFF34} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FB5E49C8-3BF3-B13B-179A-20C354DDFF34}@jaiablfnbckodmdggncj 0x62 0x61 0x66 0x6C ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FB5E49C8-3BF3-B13B-179A-20C354DDFF34}@jaiablfnbckodmdggngh 0x62 0x61 0x67 0x6C ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FB5E49C8-3BF3-B13B-179A-20C354DDFF34}@iaifnodgnfahmcglbc 0x6B 0x61 0x68 0x6C ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FB5E49C8-3BF3-B13B-179A-20C354DDFF34}@hacglinmbicpnhjj 0x6B 0x61 0x68 0x6C ... ---- EOF - GMER 2.1 ----