GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-26 21:56:51 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 OCZ-VERTEX4 rev.1.5 119,24GB Running: gmer.exe; Driver: C:\USERS\USER\APPDATA\LOCAL\TEMP\axlcaaod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076eb1430 8 bytes JMP 000000016fff0110 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076eb1800 8 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007705f9e0 5 bytes JMP 000000011001d120 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fcb0 5 bytes JMP 000000011002fc20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007705fd64 5 bytes JMP 000000011002e100 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007705fdc8 5 bytes JMP 000000011002ed90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007705fec0 5 bytes JMP 000000011002c3c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007705ffa4 5 bytes JMP 000000011002e7a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077060004 2 bytes JMP 0000000110030080 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 0000000077060007 2 bytes [FD, 98] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060084 5 bytes JMP 000000011002fe40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770600b4 5 bytes JMP 000000011002e400 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770603b8 5 bytes JMP 000000011002cde0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077060550 5 bytes JMP 000000011002b670 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077060694 5 bytes JMP 000000011002f8b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706088c 5 bytes JMP 000000011002bfe0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770608a4 5 bytes JMP 000000011002ca40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060df4 5 bytes JMP 000000011002f6a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077060ed8 5 bytes JMP 000000011002f220 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061be4 5 bytes JMP 000000011002f460 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077061cb4 5 bytes JMP 000000011002c670 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077061d8c 5 bytes JMP 000000011002f020 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007707c4dd 5 bytes JMP 0000000110027f40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077081287 7 bytes JMP 000000011001d240 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007573103d 5 bytes JMP 0000000110025070 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075731072 5 bytes JMP 0000000110025c00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007575c9b5 5 bytes JMP 0000000110023ba0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076bff784 5 bytes JMP 000000011001d270 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075308bff 5 bytes JMP 000000011001b6e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000753090d3 7 bytes JMP 000000011001c470 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075309679 5 bytes JMP 000000011001b1a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000753097d2 5 bytes JMP 000000011001ac20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007530ee09 5 bytes JMP 000000011001c160 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007530efc9 5 bytes JMP 0000000110018140 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000753112a5 5 bytes JMP 000000011001bc20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007531291f 5 bytes JMP 00000001100193d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SetParent 0000000075312d64 5 bytes JMP 0000000110018980 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075312da4 5 bytes JMP 0000000110017ea0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075313698 5 bytes JMP 0000000110018c20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075313baa 5 bytes JMP 000000011001bec0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075313c61 5 bytes JMP 000000011001b980 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007531612e 5 bytes JMP 000000011001b440 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075316c30 7 bytes JMP 000000011001c690 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075317603 5 bytes JMP 000000011001c8b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075317668 5 bytes JMP 000000011001a160 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000753176e0 5 bytes JMP 000000011001a6a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007531781f 5 bytes JMP 000000011001aee0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007531835c 5 bytes JMP 000000011001cb20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007531c4b6 5 bytes JMP 0000000110018780 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007532c112 5 bytes JMP 0000000110019eb0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007532d0f5 5 bytes JMP 0000000110019c00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007532eb96 5 bytes JMP 0000000110019120 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007532ec68 5 bytes JMP 0000000110019680 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendInput 000000007532ff4a 5 bytes JMP 0000000110019930 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075349f1d 5 bytes JMP 0000000110018370 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075351497 5 bytes JMP 0000000110017c90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!mouse_event 000000007536027b 5 bytes JMP 00000001100297c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!keybd_event 00000000753602bf 5 bytes JMP 00000001100299d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075366cfc 5 bytes JMP 000000011001a960 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075366d5d 5 bytes JMP 000000011001a400 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075367dd7 5 bytes JMP 0000000110018580 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000753688eb 5 bytes JMP 0000000110018f00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000754358b3 5 bytes JMP 0000000110028d10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075435ea6 5 bytes JMP 0000000110029530 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075437bcc 5 bytes JMP 0000000110029e10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007543b895 5 bytes JMP 0000000110028d50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007543c332 5 bytes JMP 0000000110029280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007543cbfb 5 bytes JMP 0000000110028ae0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007543e743 5 bytes JMP 0000000110029d10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075464857 5 bytes JMP 0000000110028ff0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000074a72642 5 bytes JMP 00000001100244d0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007705f9e0 5 bytes JMP 000000011001d120 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fcb0 5 bytes JMP 000000011002fc20 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007705fd64 5 bytes JMP 000000011002e100 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007705fdc8 5 bytes JMP 000000011002ed90 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007705fec0 5 bytes JMP 000000011002c3c0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007705ffa4 5 bytes JMP 000000011002e7a0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077060004 2 bytes JMP 0000000110030080 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 0000000077060007 2 bytes [FD, 98] .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060084 5 bytes JMP 000000011002fe40 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770600b4 5 bytes JMP 000000011002e400 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770603b8 5 bytes JMP 000000011002cde0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077060550 5 bytes JMP 000000011002b670 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077060694 5 bytes JMP 000000011002f8b0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706088c 5 bytes JMP 000000011002bfe0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770608a4 5 bytes JMP 000000011002ca40 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060df4 5 bytes JMP 000000011002f6a0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077060ed8 5 bytes JMP 000000011002f220 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061be4 5 bytes JMP 000000011002f460 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077061cb4 5 bytes JMP 000000011002c670 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077061d8c 5 bytes JMP 000000011002f020 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007707c4dd 5 bytes JMP 0000000110027f40 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077081287 7 bytes JMP 000000011001d240 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007573103d 5 bytes JMP 0000000110025070 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075731072 5 bytes JMP 0000000110025c00 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007575c9b5 5 bytes JMP 0000000110023ba0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076bff784 5 bytes JMP 000000011001d270 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000074a72642 5 bytes JMP 00000001100244d0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075308bff 5 bytes JMP 000000011001b6e0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000753090d3 7 bytes JMP 000000011001c470 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075309679 5 bytes JMP 000000011001b1a0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000753097d2 5 bytes JMP 000000011001ac20 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007530ee09 5 bytes JMP 000000011001c160 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007530efc9 5 bytes JMP 0000000110018140 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000753112a5 5 bytes JMP 000000011001bc20 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007531291f 5 bytes JMP 00000001100193d0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SetParent 0000000075312d64 5 bytes JMP 0000000110018980 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075312da4 5 bytes JMP 0000000110017ea0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075313698 5 bytes JMP 0000000110018c20 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075313baa 5 bytes JMP 000000011001bec0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075313c61 5 bytes JMP 000000011001b980 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007531612e 5 bytes JMP 000000011001b440 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075316c30 7 bytes JMP 000000011001c690 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075317603 5 bytes JMP 000000011001c8b0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075317668 5 bytes JMP 000000011001a160 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000753176e0 5 bytes JMP 000000011001a6a0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007531781f 5 bytes JMP 000000011001aee0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007531835c 5 bytes JMP 000000011001cb20 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007531c4b6 5 bytes JMP 0000000110018780 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007532c112 5 bytes JMP 0000000110019eb0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007532d0f5 5 bytes JMP 0000000110019c00 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007532eb96 5 bytes JMP 0000000110019120 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007532ec68 5 bytes JMP 0000000110019680 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendInput 000000007532ff4a 5 bytes JMP 0000000110019930 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075349f1d 5 bytes JMP 0000000110018370 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075351497 5 bytes JMP 0000000110017c90 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!mouse_event 000000007536027b 5 bytes JMP 00000001100297c0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!keybd_event 00000000753602bf 5 bytes JMP 00000001100299d0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075366cfc 5 bytes JMP 000000011001a960 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075366d5d 5 bytes JMP 000000011001a400 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075367dd7 5 bytes JMP 0000000110018580 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000753688eb 5 bytes JMP 0000000110018f00 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000754358b3 5 bytes JMP 0000000110028d10 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075435ea6 5 bytes JMP 0000000110029530 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075437bcc 5 bytes JMP 0000000110029e10 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007543b895 5 bytes JMP 0000000110028d50 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007543c332 5 bytes JMP 0000000110029280 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007543cbfb 5 bytes JMP 0000000110028ae0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007543e743 5 bytes JMP 0000000110029d10 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075464857 5 bytes JMP 0000000110028ff0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075091401 2 bytes JMP 7575b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075091419 2 bytes JMP 7575b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075091431 2 bytes JMP 757d8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007509144a 2 bytes CALL 757348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750914dd 2 bytes JMP 757d87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750914f5 2 bytes JMP 757d8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007509150d 2 bytes JMP 757d8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075091525 2 bytes JMP 757d8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007509153d 2 bytes JMP 7574fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075091555 2 bytes JMP 757568ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007509156d 2 bytes JMP 757d8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075091585 2 bytes JMP 757d8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007509159d 2 bytes JMP 757d865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750915b5 2 bytes JMP 7574fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750915cd 2 bytes JMP 7575b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750916b2 2 bytes JMP 757d8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750916bd 2 bytes JMP 757d85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007705f9e0 5 bytes JMP 000000011001d120 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fcb0 5 bytes JMP 000000011002fc20 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007705fd64 5 bytes JMP 000000011002e100 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007705fdc8 5 bytes JMP 000000011002ed90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007705fec0 5 bytes JMP 000000011002c3c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007705ffa4 5 bytes JMP 000000011002e7a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077060004 2 bytes JMP 0000000110030080 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 0000000077060007 2 bytes [FD, 98] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060084 5 bytes JMP 000000011002fe40 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770600b4 5 bytes JMP 000000011002e400 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770603b8 5 bytes JMP 000000011002cde0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077060550 5 bytes JMP 000000011002b670 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077060694 5 bytes JMP 000000011002f8b0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706088c 5 bytes JMP 000000011002bfe0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770608a4 5 bytes JMP 000000011002ca40 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060df4 5 bytes JMP 000000011002f6a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077060ed8 5 bytes JMP 000000011002f220 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061be4 5 bytes JMP 000000011002f460 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077061cb4 5 bytes JMP 000000011002c670 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077061d8c 5 bytes JMP 000000011002f020 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007707c4dd 5 bytes JMP 0000000110027f40 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077081287 7 bytes JMP 000000011001d240 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 000000007573103d 5 bytes JMP 0000000110025070 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000075731072 5 bytes JMP 0000000110025c00 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 000000007575c9b5 5 bytes JMP 0000000110023ba0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076bff784 5 bytes JMP 000000011001d270 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000074a72642 5 bytes JMP 00000001100244d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000754358b3 5 bytes JMP 0000000110028d10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075435ea6 5 bytes JMP 0000000110029530 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075437bcc 5 bytes JMP 0000000110029e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007543b895 5 bytes JMP 0000000110028d50 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007543c332 5 bytes JMP 0000000110029280 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007543cbfb 5 bytes JMP 0000000110028ae0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007543e743 5 bytes JMP 0000000110029d10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075464857 5 bytes JMP 0000000110028ff0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075308bff 5 bytes JMP 000000011001b6e0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000753090d3 7 bytes JMP 000000011001c470 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075309679 5 bytes JMP 000000011001b1a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000753097d2 5 bytes JMP 000000011001ac20 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007530ee09 5 bytes JMP 000000011001c160 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007530efc9 5 bytes JMP 0000000110018140 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000753112a5 5 bytes JMP 000000011001bc20 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007531291f 5 bytes JMP 00000001100193d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SetParent 0000000075312d64 5 bytes JMP 0000000110018980 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075312da4 5 bytes JMP 0000000110017ea0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075313698 5 bytes JMP 0000000110018c20 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075313baa 5 bytes JMP 000000011001bec0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075313c61 5 bytes JMP 000000011001b980 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007531612e 5 bytes JMP 000000011001b440 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075316c30 7 bytes JMP 000000011001c690 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075317603 5 bytes JMP 000000011001c8b0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075317668 5 bytes JMP 000000011001a160 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000753176e0 5 bytes JMP 000000011001a6a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007531781f 5 bytes JMP 000000011001aee0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007531835c 5 bytes JMP 000000011001cb20 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007531c4b6 5 bytes JMP 0000000110018780 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007532c112 5 bytes JMP 0000000110019eb0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007532d0f5 5 bytes JMP 0000000110019c00 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007532eb96 5 bytes JMP 0000000110019120 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007532ec68 5 bytes JMP 0000000110019680 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendInput 000000007532ff4a 5 bytes JMP 0000000110019930 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075349f1d 5 bytes JMP 0000000110018370 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075351497 5 bytes JMP 0000000110017c90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!mouse_event 000000007536027b 5 bytes JMP 00000001100297c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!keybd_event 00000000753602bf 5 bytes JMP 00000001100299d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075366cfc 5 bytes JMP 000000011001a960 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075366d5d 5 bytes JMP 000000011001a400 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075367dd7 5 bytes JMP 0000000110018580 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3764] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000753688eb 5 bytes JMP 0000000110018f00 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007705f9e0 5 bytes JMP 000000011001d120 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fcb0 5 bytes JMP 000000011002fc20 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007705fd64 5 bytes JMP 000000011002e100 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007705fdc8 5 bytes JMP 000000011002ed90 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007705fec0 5 bytes JMP 000000011002c3c0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007705ffa4 5 bytes JMP 000000011002e7a0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077060004 2 bytes JMP 0000000110030080 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3 0000000077060007 2 bytes [FD, 98] .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060084 5 bytes JMP 000000011002fe40 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000770600b4 5 bytes JMP 000000011002e400 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000770603b8 5 bytes JMP 000000011002cde0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077060550 5 bytes JMP 000000011002b670 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077060694 5 bytes JMP 000000011002f8b0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706088c 5 bytes JMP 000000011002bfe0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000770608a4 5 bytes JMP 000000011002ca40 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060df4 5 bytes JMP 000000011002f6a0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077060ed8 5 bytes JMP 000000011002f220 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061be4 5 bytes JMP 000000011002f460 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077061cb4 5 bytes JMP 000000011002c670 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077061d8c 5 bytes JMP 000000011002f020 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007707c4dd 5 bytes JMP 0000000110027f40 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077081287 7 bytes JMP 000000011001d240 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007573103d 5 bytes JMP 0000000110025070 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075731072 5 bytes JMP 0000000110025c00 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007575c9b5 5 bytes JMP 0000000110023ba0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076bff784 5 bytes JMP 000000011001d270 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000074a72642 5 bytes JMP 00000001100244d0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000754358b3 5 bytes JMP 0000000110028d10 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075435ea6 5 bytes JMP 0000000110029530 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075437bcc 5 bytes JMP 0000000110029e10 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007543b895 5 bytes JMP 0000000110028d50 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007543c332 5 bytes JMP 0000000110029280 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007543cbfb 5 bytes JMP 0000000110028ae0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007543e743 5 bytes JMP 0000000110029d10 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075464857 5 bytes JMP 0000000110028ff0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075308bff 5 bytes JMP 000000011001b6e0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000753090d3 7 bytes JMP 000000011001c470 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075309679 5 bytes JMP 000000011001b1a0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000753097d2 5 bytes JMP 000000011001ac20 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007530ee09 5 bytes JMP 000000011001c160 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007530efc9 5 bytes JMP 0000000110018140 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000753112a5 5 bytes JMP 000000011001bc20 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007531291f 5 bytes JMP 00000001100193d0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SetParent 0000000075312d64 5 bytes JMP 0000000110018980 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075312da4 5 bytes JMP 0000000110017ea0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075313698 5 bytes JMP 0000000110018c20 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075313baa 5 bytes JMP 000000011001bec0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075313c61 5 bytes JMP 000000011001b980 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007531612e 5 bytes JMP 000000011001b440 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075316c30 7 bytes JMP 000000011001c690 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075317603 5 bytes JMP 000000011001c8b0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075317668 5 bytes JMP 000000011001a160 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000753176e0 5 bytes JMP 000000011001a6a0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007531781f 5 bytes JMP 000000011001aee0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007531835c 5 bytes JMP 000000011001cb20 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007531c4b6 5 bytes JMP 0000000110018780 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007532c112 5 bytes JMP 0000000110019eb0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007532d0f5 5 bytes JMP 0000000110019c00 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007532eb96 5 bytes JMP 0000000110019120 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007532ec68 5 bytes JMP 0000000110019680 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendInput 000000007532ff4a 5 bytes JMP 0000000110019930 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075349f1d 5 bytes JMP 0000000110018370 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075351497 5 bytes JMP 0000000110017c90 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!mouse_event 000000007536027b 5 bytes JMP 00000001100297c0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!keybd_event 00000000753602bf 5 bytes JMP 00000001100299d0 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075366cfc 5 bytes JMP 000000011001a960 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075366d5d 5 bytes JMP 000000011001a400 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075367dd7 5 bytes JMP 0000000110018580 .text e:\dane\Pulpit\gmer.exe[3756] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000753688eb 5 bytes JMP 0000000110018f00 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[GDI32.dll!DeleteObject] [1401ca880] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!SystemParametersInfoW] [1401cbb40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!AdjustWindowRectEx] [1401cbd20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!SetScrollInfo] [1401caa20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!SetScrollPos] [1401ca960] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!EnableScrollBar] [1401caad0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!GetScrollInfo] [1401cab90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!CallWindowProcW] [1401cac40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!DrawEdge] [1401cbf20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!GetSysColor] [1401ca810] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!GetSystemMetrics] [1401cb940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!DrawFrameControl] [1401cbfb0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!FillRect] [1401cbe70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[USER32.dll!GetSysColorBrush] [1401ca8e0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!CreateThread] [1401cb5c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!LoadLibraryW] [1401cc300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!LoadLibraryExW] [1401cc3d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!LoadLibraryExA] [1401cc350] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExW] [1401cc3d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryA] [1401cc2b0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryW] [1401cc300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\ole32.dll[GDI32.dll!DeleteObject] [1401ca880] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\ole32.dll[USER32.dll!CallWindowProcW] [1401cac40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\ole32.dll[USER32.dll!SystemParametersInfoW] [1401cbb40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\ole32.dll[USER32.dll!GetSystemMetrics] [1401cb940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\ole32.dll[USER32.dll!GetSysColor] [1401ca810] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [1401cb7f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryExA] [1401cc350] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryW] [1401cc300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateThread] [1401cb5c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryA] [1401cc2b0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!RegisterClassW] [1401cb7f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!SystemParametersInfoW] [1401cbb40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!GetSysColor] [1401ca810] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!GetSystemMetrics] [1401cb940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\OLEAUT32.dll[GDI32.dll!DeleteObject] [1401ca880] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\version.DLL[KERNEL32.dll!LoadLibraryW] [1401cc300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\version.DLL[KERNEL32.dll!LoadLibraryExW] [1401cc3d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetModuleHandleA] [1401cc4d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryA] [1401cc2b0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryExA] [1401cc350] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryW] [1401cc300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateThread] [1401cb5c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryExW] [1401cc3d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\urlmon.dll[USER32.dll!SystemParametersInfoW] [1401cbb40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\urlmon.dll[USER32.dll!GetSystemMetrics] [1401cb940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\urlmon.dll[USER32.dll!RegisterClassA] [1401cb6a0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\IMM32.dll[USER32.dll!SystemParametersInfoW] [1401cbb40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\IMM32.dll[USER32.dll!DrawEdge] [1401cbf20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\IMM32.dll[USER32.dll!GetSystemMetrics] [1401cb940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!CreateThread] [1401cb5c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!LoadLibraryW] [1401cc300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\IMM32.dll[GDI32.dll!DeleteObject] [1401ca880] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[KERNEL32.dll!LoadLibraryA] [1401cc2b0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[KERNEL32.dll!CreateThread] [1401cb5c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[KERNEL32.dll!LoadLibraryW] [1401cc300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[KERNEL32.dll!GetModuleHandleA] [1401cc4d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[KERNEL32.dll!LoadLibraryExW] [1401cc3d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[USER32.dll!GetSystemMetrics] [1401cb940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[USER32.dll!GetSysColor] [1401ca810] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[USER32.dll!RegisterClassA] [1401cb6a0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[GDI32.dll!DeleteObject] [1401ca880] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryExW] [1401cc3d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryExA] [1401cc350] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [1401cc2b0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!CreateThread] [1401cb5c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryExA] [1401cc350] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryExW] [1401cc3d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryW] [1401cc300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryA] [1401cc2b0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Windows\System32\msxml3.dll[USER32.dll!RegisterClassW] [1401cb7f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL[GDI32.dll!DeleteObject] [1401ca880] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL[KERNEL32.dll!LoadLibraryW] [1401cc300] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL[KERNEL32.dll!CreateThread] [1401cb5c0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL[KERNEL32.dll!LoadLibraryA] [1401cc2b0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL[KERNEL32.dll!GetModuleHandleA] [1401cc4d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL[KERNEL32.dll!LoadLibraryExW] [1401cc3d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [1401cc5f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2936] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!LoadLibraryA] [1401cc2b0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ---- EOF - GMER 2.1 ----