GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-05 19:01:16 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVS-26VAT0 rev.11.01A11 298,09GB Running: gmer.exe; Driver: C:\Users\Bartek\AppData\Local\Temp\kwddypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0x8F8BDFB0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAlpcConnectPort [0x8F8BE19C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0x8F8BD310] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0x8F8BDC16] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0x8F8BD9CA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0x8F8BED14] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0x8F8BCCFC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0x8F8BE746] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0x8F8BD5D8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0x8F8BDDF2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0x8F8BD872] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0x8F8BEA32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0x8F8BD542] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0x8F8BD75E] SSDT \??\C:\Users\Bartek\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS ZwTerminateProcess [0xA0078640] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0x8F8BCF00] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThreadEx [0x8F8BE3CA] INT 0x52 ? 86FC8BF8 INT 0x52 ? 86FC8BF8 INT 0x52 ? 86FC8BF8 INT 0x61 ? 85390BF8 INT 0x62 ? 86FC8BF8 INT 0x71 ? 85390BF8 INT 0x72 ? 86FC8BF8 INT 0x72 ? 86FC8BF8 INT 0x72 ? 86FC8BF8 INT 0x81 ? 85390BF8 INT 0x81 ? 85390BF8 INT 0x81 ? 85390BF8 INT 0x81 ? 85390BF8 INT 0x81 ? 85390BF8 INT 0x81 ? 85390BF8 INT 0x81 ? 85390BF8 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 119 828B67DC 4 Bytes [B0, DF, 8B, 8F] .text ntkrnlpa.exe!KeSetEvent + 13D 828B6800 4 Bytes [9C, E1, 8B, 8F] .text ntkrnlpa.exe!KeSetEvent + 1C1 828B6884 4 Bytes [10, D3, 8B, 8F] .text ntkrnlpa.exe!KeSetEvent + 1D9 828B689C 4 Bytes [16, DC, 8B, 8F] .text ntkrnlpa.exe!KeSetEvent + 215 828B68D8 4 Bytes [CA, D9, 8B, 8F] .text ... ? System32\Drivers\spjx.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8B159480, 0x3C939, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8B19A900, 0x3CA, 0x48000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA09000, 0x2311A4, 0xE8000020] ? C:\Windows\System32\Drivers\tosrfcom.sys suspicious PE modification ? System32\Drivers\SCDEmu.SYS System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9E45B300, 0x3AE88, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9E49E300, 0x1B7E, 0xE8000020] ? C:\Users\Bartek\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS Nie można odnaleźć określonego pliku. ! ? C:\Users\Bartek\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[860] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 75601BA0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[860] ntdll.dll!NtReplyWaitReceivePort 77074F74 5 Bytes JMP 75601450 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[860] ntdll.dll!NtReplyWaitReceivePortEx 77074F84 5 Bytes JMP 756017F0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\wininit.exe[928] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!RegisterRawInputDevices 756D6161 5 Bytes JMP 10018F00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SetWindowsHookExA 756D6322 5 Bytes JMP 1001CB20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SystemParametersInfoA 756D82E1 7 Bytes JMP 1001C690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!GetAsyncKeyState 756D863C 5 Bytes JMP 10019120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SetWindowsHookExW 756D87AD 5 Bytes JMP 1001C8B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendNotifyMessageW 756D93D6 5 Bytes JMP 1001A160 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!MoveWindow 756D989F 5 Bytes JMP 10018C20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SetWinEventHook 756D9F3A 5 Bytes JMP 1001C160 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SetParent 756DA2AA 5 Bytes JMP 10018980 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!PostThreadMessageA 756DBD34 5 Bytes JMP 1001B980 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!GetKeyboardState 756DBD7D 5 Bytes JMP 10019680 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!RegisterHotKey 756DBDA5 5 Bytes JMP 10018140 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!EnableWindow 756DCD8B 5 Bytes JMP 10017EA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!PostMessageA 756DF8F8 5 Bytes JMP 1001BEC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendMessageA 756DF956 5 Bytes JMP 1001B440 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendMessageTimeoutW 756E352D 5 Bytes JMP 1001AC20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendMessageCallbackW 756E4570 5 Bytes JMP 1001A6A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!PostThreadMessageW 756E7C8E 5 Bytes JMP 1001B6E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!GetKeyState 756E8CB1 5 Bytes JMP 100193D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!PostMessageW 756EA175 5 Bytes JMP 1001BC20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendMessageW 756F0AED 5 Bytes JMP 1001B1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SystemParametersInfoW 756F11D8 7 Bytes JMP 1001C470 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendDlgItemMessageA 756F275B 5 Bytes JMP 10019EB0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SetClipboardViewer 756FBA2D 5 Bytes JMP 10018780 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendNotifyMessageA 756FDFCF 5 Bytes JMP 1001A400 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!BlockInput 756FFF0A 5 Bytes JMP 10018580 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendMessageTimeoutA 75700006 5 Bytes JMP 1001AEE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!mouse_event 7570044E 5 Bytes JMP 100297C0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendDlgItemMessageW 75700E38 5 Bytes JMP 10019C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendInput 75702F75 5 Bytes JMP 10019930 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!GetClipboardData 7571715A 5 Bytes JMP 10018370 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!ExitWindowsEx 7571B7C3 5 Bytes JMP 10017C90 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!keybd_event 7572D972 5 Bytes JMP 100299D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] USER32.dll!SendMessageCallbackA 75732CA7 5 Bytes JMP 1001A960 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] GDI32.dll!BitBlt 767A70A6 5 Bytes JMP 10029530 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] GDI32.dll!StretchBlt 767A93D6 5 Bytes JMP 10028D50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] GDI32.dll!MaskBlt 767AC5CB 5 Bytes JMP 10029280 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[928] GDI32.dll!PlgBlt 767BEB50 5 Bytes JMP 10028FF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\csrss.exe[936] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 75601BA0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[936] ntdll.dll!NtReplyWaitReceivePort 77074F74 5 Bytes JMP 75601450 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[936] ntdll.dll!NtReplyWaitReceivePortEx 77074F84 5 Bytes JMP 756017F0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\System32\spoolsv.exe[972] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[972] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[976] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] services.exe 00581628 4 Bytes [20, E2, 01, 10] {AND DL, AH; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[980] services.exe 00581638 4 Bytes [00, DD, 01, 10] {ADD CH, BL; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[980] services.exe 00581658 4 Bytes [40, E5, 01, 10] .text C:\Windows\system32\services.exe[980] services.exe 00581668 4 Bytes [80, DF, 01, 10] .text C:\Windows\system32\services.exe[980] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] RPCRT4.dll!RpcServerRegisterIfEx 76D2929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[980] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[996] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1000] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[1004] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00E17F40 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 00E0D240 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 00E1B670 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] ntdll.dll!NtClose 77074184 5 Bytes JMP 00E0D120 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 00E15070 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 00E15C00 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 00E18D10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 00E19D10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 00E19E10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 00E18AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 00E144D0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1028] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 00E13BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] RPCRT4.dll!RpcServerRegisterIfEx 76D2929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1192] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] KERNEL32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] KERNEL32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1244] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] RPCRT4.dll!RpcServerRegisterIfEx 76D2929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] rpcss.dll!WhichService 71B53F84 8 Bytes JMP EDF01001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1372] ntdll.dll!NtAllocateVirtualMemory 77073FA4 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1372] ntdll.dll!NtCreateFile 77074244 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Windows\system32\svchost.exe[1460] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1460] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1508] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1536] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1580] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] RPCRT4.dll!RpcServerRegisterIfEx 76D2929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1644] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1716] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1740] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1812] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[1916] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1960] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1988] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] RPCRT4.dll!RpcServerRegisterIfEx 76D2929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2064] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00E27F40 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 00E1D240 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 00E2B670 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] ntdll.dll!NtClose 77074184 5 Bytes JMP 00E1D120 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 00E25070 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 00E25C00 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 00E244D0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 00E23BA0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 00E28D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 00E29D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 00E29E10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[2088] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 00E28AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[2176] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2220] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2240] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] KERNEL32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] KERNEL32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2272] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2400] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2420] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 01127F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 0111D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 0112B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] ntdll.dll!NtClose 77074184 5 Bytes JMP 0111D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 01125070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 01125C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 011244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 01123BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 01128D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 01129D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 01129E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2444] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 01128AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2464] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\notepad.exe[2480] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2532] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2568] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2596] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2668] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00397F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 0038D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 0039B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] ntdll.dll!NtClose 77074184 5 Bytes JMP 0038D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 00395070 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 00395C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 003944D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 00393BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 00398D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 00399D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 00399E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[2688] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 00398AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 01527F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 0151D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 0152B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] ntdll.dll!NtClose 77074184 5 Bytes JMP 0151D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 01525070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 01525C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 01528D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 01529D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 01529E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 01528AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 015244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2832] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 01523BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3264] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3304] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] USER32.dll!InSendMessageEx + 4C9 756DE7C8 7 Bytes JMP 65201678 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] USER32.dll!CreateWindowExW + AA 756E13AF 7 Bytes JMP 65201607 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] USER32.dll!GetWindowInfo 756E428E 5 Bytes JMP 64E2FBF7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] USER32.dll!SetMenuItemBitmaps + 71 756F14EE 7 Bytes JMP 64E30118 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3324] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3348] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3404] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3444] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\osk.exe[3476] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3528] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3564] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 019E7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 019DD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 019EB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] ntdll.dll!NtClose 77074184 5 Bytes JMP 019DD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 019E5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 019E5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 019E44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 019E3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 019E8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 019E9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 019E9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3576] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 019E8AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3592] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00CC7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 00CBD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 00CCB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] ntdll.dll!NtClose 77074184 5 Bytes JMP 00CBD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 00CC5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 00CC5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 00CC8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 00CC9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 00CC9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 00CC8AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 00CC44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3600] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 00CC3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3688] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] KERNEL32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] KERNEL32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3728] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[3784] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3792] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Comodo\COMODO Internet Security\cfp.exe[3808] ntdll.dll!NtAllocateVirtualMemory 77073FA4 5 Bytes JMP 00780630 C:\Program Files\Comodo\COMODO Internet Security\cfp.exe .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3840] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3856] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3868] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3928] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 01FF7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 01FED240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 01FFB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] ntdll.dll!NtClose 77074184 5 Bytes JMP 01FED120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 01FF5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 01FF5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 01FF8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 01FF9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 01FF9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 01FF8AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 01FF44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3956] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 01FF3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 003D7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 003CD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 003DB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] ntdll.dll!NtClose 77074184 5 Bytes JMP 003CD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 003D5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 003D5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 003D8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 003D9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 003D9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 003D8AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 003D44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[3976] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 003D3BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[3980] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4044] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtCreateFile + 6 7707424A 4 Bytes [28, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtCreateFile + B 7707424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtCreateKey + 6 7707428A 4 Bytes [68, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtCreateKey + B 7707428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtCreateMutant + 6 770742BA 4 Bytes [28, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtCreateMutant + B 770742BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtCreateSection + 6 7707433A 4 Bytes [68, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtCreateSection + B 7707433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtMapViewOfSection + 6 7707499A 4 Bytes [A8, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtMapViewOfSection + B 7707499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenFile + 6 77074A2A 4 Bytes [68, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenFile + B 77074A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenKey + 6 77074A5A 4 Bytes [A8, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenKey + B 77074A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenMutant + B 77074A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenProcess + 6 77074AAA 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenProcess + 6 77074AAA 4 Bytes [28, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenProcess + B 77074AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenProcessToken + 6 77074ABA 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenProcessToken + 6 77074ABA 4 Bytes [68, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenProcessToken + B 77074ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenProcessTokenEx + 6 77074ACA 4 Bytes [28, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenProcessTokenEx + B 77074ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenSection + 6 77074ADA 4 Bytes [A8, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenSection + B 77074ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenThread + B 77074B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenThreadToken + 6 77074B2A 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenThreadToken + B 77074B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenThreadTokenEx + 6 77074B3A 4 Bytes [68, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtOpenThreadTokenEx + B 77074B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtQueryAttributesFile + 6 77074BCA 4 Bytes [A8, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtQueryAttributesFile + B 77074BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtQueryFullAttributesFile + B 77074C7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtSetInformationFile + 6 7707515A 4 Bytes [28, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtSetInformationFile + B 7707515F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtSetInformationThread + 6 770751AA 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtSetInformationThread + 6 770751AA 4 Bytes [A8, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtSetInformationThread + B 770751AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ntdll.dll!NtUnmapViewOfSection + B 7707544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] kernel32.dll!OpenEventW 76DEC023 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] kernel32.dll!CreateEventW 76E1B85E 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!DeleteObject 767A5A37 5 Bytes JMP 002501B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetDeviceCaps 767A617F 5 Bytes JMP 002503B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SelectObject 767A62A0 5 Bytes JMP 002505F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SetTextColor 767A666B 5 Bytes JMP 00250A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SetBkMode 767A6716 5 Bytes JMP 002508F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetCurrentObject 767A6B58 5 Bytes JMP 00250370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SetStretchBltMode 767A7206 5 Bytes JMP 002506B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SaveDC 767A75BA 5 Bytes JMP 00250570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!RestoreDC 767A7675 5 Bytes JMP 00250530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!StretchDIBits 767A78CF 5 Bytes JMP 00250770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!ExtSelectClipRgn 767A79F8 5 Bytes JMP 002502F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SelectClipRgn 767A7AF9 5 Bytes JMP 002505B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!MoveToEx 767A7C33 5 Bytes JMP 00250470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!Rectangle 767A7EA9 5 Bytes JMP 002509B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetTextAlign 767A82E0 5 Bytes JMP 00250D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SetTextAlign 767A85CB 5 Bytes JMP 002509F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!ExtTextOutW 767A872B 5 Bytes JMP 00250970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetTextMetricsW 767A8A81 5 Bytes JMP 00250E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!IntersectClipRect 767A8B64 5 Bytes JMP 002503F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetClipBox 767A9071 5 Bytes JMP 00250330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SetICMMode 767A94E7 5 Bytes JMP 00250DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!CreateICW 767AB2E9 5 Bytes JMP 00250130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetTextFaceW 767AB637 5 Bytes JMP 00250D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetFontData 767ABA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetFontData 767ABA6C 5 Bytes JMP 00250C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetTextExtentPoint32W 767AC01A 5 Bytes JMP 00250670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SetWorldTransform 767AC46A 5 Bytes JMP 002506F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!LineTo 767AC65E 5 Bytes JMP 00250430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetTextMetricsA 767ACCEB 5 Bytes JMP 00250DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!ExtTextOutA 767B00A5 5 Bytes JMP 00250930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetTextExtentPoint32A 767B0E58 5 Bytes JMP 00250630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!ExtEscape 767B22A7 5 Bytes JMP 002502B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!Escape 767B27F1 5 Bytes JMP 00250270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!ResetDCW 767B3132 5 Bytes JMP 00250AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!EndPage 767B375E 5 Bytes JMP 00250230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SetPolyFillMode 767B61D3 5 Bytes JMP 00250B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SetMiterLimit 767B62E2 5 Bytes JMP 00250B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetTextFaceA 767BF4C5 5 Bytes JMP 00250CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!GetGlyphOutlineW 767CA41F 5 Bytes JMP 00250CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!CreateScalableFontResourceW 767CC88B 5 Bytes JMP 00250BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!AddFontResourceW 767CCC93 5 Bytes JMP 00250BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!RemoveFontResourceW 767CD129 5 Bytes JMP 00250C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!AbortDoc 767D2CC4 5 Bytes JMP 00250030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!EndDoc 767D30D8 5 Bytes JMP 002501F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!StartPage 767D31C3 5 Bytes JMP 00250730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!StartDocW 767D3CA7 5 Bytes JMP 002507F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!BeginPath 767D4465 5 Bytes JMP 00250830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!SelectClipPath 767D44BC 5 Bytes JMP 00250AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!CloseFigure 767D4517 5 Bytes JMP 00250070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!EndPath 767D456E 5 Bytes JMP 00250A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!StrokePath 767D47A0 5 Bytes JMP 002507B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!FillPath 767D482C 5 Bytes JMP 00250870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!PolylineTo 767D4C95 5 Bytes JMP 002504F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!PolyBezierTo 767D4D25 5 Bytes JMP 002504B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] GDI32.dll!PolyDraw 767D4DD6 5 Bytes JMP 002508B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!SetCursor 756DD37D 5 Bytes JMP 00260530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!RegisterClipboardFormatW 756DD6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!RegisterClipboardFormatW 756DD6AC 5 Bytes JMP 002602B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!ActivateKeyboardLayout 756E478C 5 Bytes JMP 002604F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!IsWindowVisible 756E878A 7 Bytes JMP 002606B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!MonitorFromWindow 756E88D4 7 Bytes JMP 00260630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!ScreenToClient 756E8C56 7 Bytes JMP 00260670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetClientRect 756E8F0D 7 Bytes JMP 002605B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetParent 756E90AA 7 Bytes JMP 002606F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!RegisterClipboardFormatA 756EA111 5 Bytes JMP 002602F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!PostMessageW 756EA175 5 Bytes JMP 002605F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!MapWindowPoints 756EA30D 5 Bytes JMP 00260570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetClipboardFormatNameA 756EA552 5 Bytes JMP 00260270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetOpenClipboardWindow 756F26A6 5 Bytes JMP 002603F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!SetClipboardViewer 756FBA2D 5 Bytes JMP 002604B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!IsClipboardFormatAvailable 756FC2E3 5 Bytes JMP 002600F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!CloseClipboard 756FC2F7 5 Bytes JMP 002600B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!OpenClipboard 756FC31D 5 Bytes JMP 00260070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetTopWindow 756FCE0A 7 Bytes JMP 00260730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetClipboardSequenceNumber 756FD8B7 5 Bytes JMP 00260330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!ChangeClipboardChain 756FDF83 5 Bytes JMP 00260430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!CountClipboardFormats 75700048 5 Bytes JMP 002601F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetClipboardOwner 757026EF 5 Bytes JMP 00260370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!SetClipboardData 75716410 5 Bytes JMP 00260170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!EnumClipboardFormats 75716D16 5 Bytes JMP 002601B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!SetCursorPos 75716FB2 5 Bytes JMP 00260770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetClipboardData 7571715A 5 Bytes JMP 00260030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetClipboardFormatNameW 7571A99F 5 Bytes JMP 00260230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!EmptyClipboard 7573398B 5 Bytes JMP 00260130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetClipboardViewer 757339ED 5 Bytes JMP 00260470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] USER32.dll!GetPriorityClipboardFormat 75733AEF 5 Bytes JMP 002603B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ole32.dll!OleGetClipboard 76BD74C9 5 Bytes JMP 002700B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ole32.dll!OleSetClipboard 76C011E3 5 Bytes JMP 00270030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] ole32.dll!OleIsCurrentClipboard 76C0A8F9 5 Bytes JMP 00270070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] Secur32.dll!FreeContextBuffer 75542D83 5 Bytes JMP 002900F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] Secur32.dll!DeleteSecurityContext 75542F18 5 Bytes JMP 00290270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] Secur32.dll!FreeCredentialsHandle 75543598 5 Bytes JMP 00290130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] Secur32.dll!EncryptMessage 75543745 5 Bytes JMP 002901F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] Secur32.dll!DecryptMessage 75543813 5 Bytes JMP 00290230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] Secur32.dll!InitializeSecurityContextA 755487DF 5 Bytes JMP 00290170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] Secur32.dll!AcquireCredentialsHandleA 75548A43 5 Bytes JMP 00290030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] Secur32.dll!QueryContextAttributesA 75548E77 5 Bytes JMP 00290070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] Secur32.dll!ApplyControlToken 7554DE4F 5 Bytes JMP 002901B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[4300] Secur32.dll!QueryCredentialsAttributesA 7554E052 5 Bytes JMP 002900B0 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[4424] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[4428] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[4468] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 01B57F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 01B4D240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 01B5B670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] ntdll.dll!NtClose 77074184 5 Bytes JMP 01B4D120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 01B55070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 01B55C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 01B58D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 01B59D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 01B59E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 01B58AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 01B544D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4640] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 01B53BA0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4780] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtCreateFile + 6 7707424A 4 Bytes [28, C4, B7, 00] {SUB AH, AL; MOV BH, 0x0} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtCreateFile + B 7707424F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtMapViewOfSection + 6 7707499A 4 Bytes [28, C7, B7, 00] {SUB BH, AL; MOV BH, 0x0} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtMapViewOfSection + B 7707499F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenFile + 6 77074A2A 4 Bytes [68, C4, B7, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenFile + B 77074A2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcess + 6 77074AAA 4 Bytes [A8, C5, B7, 00] {TEST AL, 0xc5; MOV BH, 0x0} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcess + B 77074AAF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcessToken + 6 77074ABA 4 Bytes CALL 76080284 C:\Windows\system32\SHELL32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcessToken + B 77074ABF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcessTokenEx + 6 77074ACA 4 Bytes [A8, C6, B7, 00] {TEST AL, 0xc6; MOV BH, 0x0} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenProcessTokenEx + B 77074ACF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThread + 6 77074B1A 4 Bytes [68, C5, B7, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThread + B 77074B1F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThreadToken + 6 77074B2A 4 Bytes [68, C6, B7, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThreadToken + B 77074B2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThreadTokenEx + 6 77074B3A 4 Bytes CALL 76080305 C:\Windows\system32\SHELL32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtOpenThreadTokenEx + B 77074B3F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtQueryAttributesFile + 6 77074BCA 4 Bytes [A8, C4, B7, 00] {TEST AL, 0xc4; MOV BH, 0x0} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtQueryAttributesFile + B 77074BCF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtQueryFullAttributesFile + 6 77074C7A 4 Bytes CALL 76080443 C:\Windows\system32\SHELL32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtQueryFullAttributesFile + B 77074C7F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtSetInformationFile + 6 7707515A 4 Bytes [28, C5, B7, 00] {SUB CH, AL; MOV BH, 0x0} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtSetInformationFile + B 7707515F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtSetInformationThread + 6 770751AA 4 Bytes [28, C6, B7, 00] {SUB DH, AL; MOV BH, 0x0} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtSetInformationThread + B 770751AF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtUnmapViewOfSection + 6 7707544A 4 Bytes [68, C7, B7, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ntdll.dll!NtUnmapViewOfSection + B 7707544F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[4840] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00EB7F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 00EAD240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 00EBB670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] ntdll.dll!NtClose 77074184 5 Bytes JMP 00EAD120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 00EB5070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 00EB5C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 00EB8D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 00EB9D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 00EB9E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 00EB8AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 00EB44D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4920] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 00EB3BA0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 01987F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 0197D240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 0198B670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] ntdll.dll!NtClose 77074184 5 Bytes JMP 0197D120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 01985070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 01985C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 01988D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 01989D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 01989E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 01988AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 019844D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5196] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 01983BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] CRYPT32.dll!CertDuplicateCRLContext + 5A 74EC816D 7 Bytes JMP 0054EE40 .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[5220] CRYPT32.dll!I_CryptFreeLruCache + 1E4 74ECD402 7 Bytes JMP 0054EEB0 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00BC7F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 00BBD240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 00BCB670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] ntdll.dll!NtClose 77074184 5 Bytes JMP 00BBD120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 00BC5070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 00BC5C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 00BC8D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 00BC9D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 00BC9E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 00BC8AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 00BC44D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5436] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 00BC3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00F37F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 00F2D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 00F3B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] ntdll.dll!NtClose 77074184 5 Bytes JMP 00F2D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 00F35070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 00F35C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 00F38D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 00F39D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 00F39E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 00F38AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 00F344D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5756] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 00F33BA0 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 02077F40 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 0206D240 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 3 Bytes JMP 0207B670 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] ntdll.dll!NtAlpcSendWaitReceivePort + 4 770740E8 1 Byte [8B] .text E:\programy\Gadu-Gadu\gg.exe[5808] ntdll.dll!NtClose 77074184 5 Bytes JMP 0206D120 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 02075070 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 02075C00 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 020744D0 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 02073BA0 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 02078D10 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 02079D10 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 02079E10 C:\Windows\system32\guard32.dll .text E:\programy\Gadu-Gadu\gg.exe[5808] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 02078AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 00317F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 0030D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 0031B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] ntdll.dll!NtClose 77074184 5 Bytes JMP 0030D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 00315070 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 00315C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 00318D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 00319D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 00319E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 00318AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 003144D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[5944] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 00313BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 003D7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 003CD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 003DB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] ntdll.dll!NtClose 77074184 5 Bytes JMP 003CD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 003D5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 003D5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 003D8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 003D9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 003D9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 003D8AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 003D44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[5952] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 003D3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 64C68BF0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] kernel32.dll!HeapSetInformation + 26 76DFA8B0 7 Bytes JMP 64C7F1AD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] kernel32.dll!LockResource + C 76E16ACB 7 Bytes JMP 64FB7FCD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] kernel32.dll!VirtualAllocEx + 54 76E1AF50 7 Bytes JMP 64FB7FF0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] GDI32.dll!SetStretchBltMode + 256 767A745C 7 Bytes JMP 64FB7F4E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] CRYPT32.dll!CertDuplicateCRLContext + 5A 74EC816D 7 Bytes JMP 00F3EE40 .text C:\Program Files\Mozilla Firefox\firefox.exe[6044] CRYPT32.dll!I_CryptFreeLruCache + 1E4 74ECD402 7 Bytes JMP 00F3EEB0 .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 003C7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 003BD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 003CB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] ntdll.dll!NtClose 77074184 5 Bytes JMP 003BD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 003C5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 003C5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 003C44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 003C3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 003C8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 003C9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 003C9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[6076] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 003C8AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtCreateFile + 6 7707424A 4 Bytes [28, 94, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtCreateFile + B 7707424F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtMapViewOfSection + 6 7707499A 4 Bytes [28, 97, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtMapViewOfSection + B 7707499F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenFile + 6 77074A2A 4 Bytes [68, 94, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenFile + B 77074A2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenProcess + 6 77074AAA 4 Bytes [A8, 95, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenProcess + B 77074AAF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenProcessToken + B 77074ABF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenProcessTokenEx + 6 77074ACA 4 Bytes [A8, 96, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenProcessTokenEx + B 77074ACF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenThread + 6 77074B1A 4 Bytes [68, 95, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenThread + B 77074B1F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenThreadToken + 6 77074B2A 4 Bytes [68, 96, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenThreadToken + B 77074B2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtOpenThreadTokenEx + B 77074B3F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtQueryAttributesFile + 6 77074BCA 4 Bytes [A8, 94, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtQueryAttributesFile + B 77074BCF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtQueryFullAttributesFile + B 77074C7F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtSetInformationFile + 6 7707515A 4 Bytes [28, 95, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtSetInformationFile + B 7707515F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtSetInformationThread + 6 770751AA 4 Bytes [28, 96, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtSetInformationThread + B 770751AF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtUnmapViewOfSection + 6 7707544A 4 Bytes [68, 97, 81, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ntdll.dll!NtUnmapViewOfSection + B 7707544F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[6228] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtCreateFile + 6 7707424A 4 Bytes [28, D4, 72, 00] {SUB AH, DL; JB 0x4} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtCreateFile + B 7707424F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtMapViewOfSection + 6 7707499A 4 Bytes [28, D7, 72, 00] {SUB BH, DL; JB 0x4} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtMapViewOfSection + B 7707499F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenFile + 6 77074A2A 4 Bytes [68, D4, 72, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenFile + B 77074A2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcess + 6 77074AAA 4 Bytes [A8, D5, 72, 00] {TEST AL, 0xd5; JB 0x4} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcess + B 77074AAF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcessToken + B 77074ABF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcessTokenEx + 6 77074ACA 4 Bytes [A8, D6, 72, 00] {TEST AL, 0xd6; JB 0x4} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcessTokenEx + B 77074ACF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThread + 6 77074B1A 4 Bytes [68, D5, 72, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThread + B 77074B1F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThreadToken + 6 77074B2A 4 Bytes [68, D6, 72, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThreadToken + B 77074B2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThreadTokenEx + B 77074B3F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtQueryAttributesFile + 6 77074BCA 4 Bytes [A8, D4, 72, 00] {TEST AL, 0xd4; JB 0x4} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtQueryAttributesFile + B 77074BCF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtQueryFullAttributesFile + B 77074C7F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtSetInformationFile + 6 7707515A 4 Bytes [28, D5, 72, 00] {SUB CH, DL; JB 0x4} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtSetInformationFile + B 7707515F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtSetInformationThread + 6 770751AA 4 Bytes [28, D6, 72, 00] {SUB DH, DL; JB 0x4} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtSetInformationThread + B 770751AF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtUnmapViewOfSection + 6 7707544A 4 Bytes [68, D7, 72, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtUnmapViewOfSection + B 7707544F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7016] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtCreateFile + 6 7707424A 4 Bytes [28, DC, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtCreateFile + B 7707424F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtMapViewOfSection + 6 7707499A 4 Bytes [28, DF, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtMapViewOfSection + B 7707499F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenFile + 6 77074A2A 4 Bytes [68, DC, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenFile + B 77074A2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenProcess + 6 77074AAA 4 Bytes [A8, DD, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenProcess + B 77074AAF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenProcessToken + B 77074ABF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenProcessTokenEx + 6 77074ACA 4 Bytes [A8, DE, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenProcessTokenEx + B 77074ACF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenThread + 6 77074B1A 4 Bytes [68, DD, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenThread + B 77074B1F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenThreadToken + 6 77074B2A 4 Bytes [68, DE, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenThreadToken + B 77074B2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtOpenThreadTokenEx + B 77074B3F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtQueryAttributesFile + 6 77074BCA 4 Bytes [A8, DC, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtQueryAttributesFile + B 77074BCF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtQueryFullAttributesFile + B 77074C7F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtSetInformationFile + 6 7707515A 4 Bytes [28, DD, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtSetInformationFile + B 7707515F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtSetInformationThread + 6 770751AA 4 Bytes [28, DE, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtSetInformationThread + B 770751AF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtUnmapViewOfSection + 6 7707544A 4 Bytes [68, DF, 35, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtUnmapViewOfSection + B 7707544F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7372] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtCreateFile + 6 7707424A 4 Bytes [28, 3C, 87, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtCreateFile + B 7707424F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtMapViewOfSection + 6 7707499A 4 Bytes [28, 3F, 87, 00] {SUB [EDI], BH; XCHG [EAX], EAX} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtMapViewOfSection + B 7707499F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenFile + 6 77074A2A 4 Bytes [68, 3C, 87, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenFile + B 77074A2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenProcess + 6 77074AAA 4 Bytes [A8, 3D, 87, 00] {TEST AL, 0x3d; XCHG [EAX], EAX} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenProcess + B 77074AAF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenProcessToken + B 77074ABF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenProcessTokenEx + 6 77074ACA 4 Bytes [A8, 3E, 87, 00] {TEST AL, 0x3e; XCHG [EAX], EAX} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenProcessTokenEx + B 77074ACF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenThread + 6 77074B1A 4 Bytes [68, 3D, 87, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenThread + B 77074B1F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenThreadToken + 6 77074B2A 4 Bytes [68, 3E, 87, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenThreadToken + B 77074B2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtOpenThreadTokenEx + B 77074B3F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtQueryAttributesFile + 6 77074BCA 4 Bytes [A8, 3C, 87, 00] {TEST AL, 0x3c; XCHG [EAX], EAX} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtQueryAttributesFile + B 77074BCF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtQueryFullAttributesFile + B 77074C7F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtSetInformationFile + 6 7707515A 4 Bytes [28, 3D, 87, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtSetInformationFile + B 7707515F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtSetInformationThread + 6 770751AA 4 Bytes [28, 3E, 87, 00] {SUB [ESI], BH; XCHG [EAX], EAX} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtSetInformationThread + B 770751AF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtUnmapViewOfSection + 6 7707544A 4 Bytes [68, 3F, 87, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ntdll.dll!NtUnmapViewOfSection + B 7707544F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7728] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtCreateFile + 6 7707424A 4 Bytes [28, F4, 8D, 00] {SUB AH, DH; LEA EAX, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtCreateFile + B 7707424F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtMapViewOfSection + 6 7707499A 4 Bytes [28, F7, 8D, 00] {SUB BH, DH; LEA EAX, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtMapViewOfSection + B 7707499F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenFile + 6 77074A2A 4 Bytes [68, F4, 8D, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenFile + B 77074A2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenProcess + 6 77074AAA 4 Bytes [A8, F5, 8D, 00] {TEST AL, 0xf5; LEA EAX, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenProcess + B 77074AAF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenProcessToken + B 77074ABF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenProcessTokenEx + 6 77074ACA 4 Bytes [A8, F6, 8D, 00] {TEST AL, 0xf6; LEA EAX, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenProcessTokenEx + B 77074ACF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenThread + 6 77074B1A 4 Bytes [68, F5, 8D, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenThread + B 77074B1F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenThreadToken + 6 77074B2A 4 Bytes [68, F6, 8D, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenThreadToken + B 77074B2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtOpenThreadTokenEx + B 77074B3F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtQueryAttributesFile + 6 77074BCA 4 Bytes [A8, F4, 8D, 00] {TEST AL, 0xf4; LEA EAX, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtQueryAttributesFile + B 77074BCF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtQueryFullAttributesFile + B 77074C7F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtSetInformationFile + 6 7707515A 4 Bytes [28, F5, 8D, 00] {SUB CH, DH; LEA EAX, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtSetInformationFile + B 7707515F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtSetInformationThread + 6 770751AA 4 Bytes [28, F6, 8D, 00] {SUB DH, DH; LEA EAX, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtSetInformationThread + B 770751AF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtUnmapViewOfSection + 6 7707544A 4 Bytes [68, F7, 8D, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ntdll.dll!NtUnmapViewOfSection + B 7707544F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[7832] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[8492] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[8800] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtCreateFile + 6 7707424A 4 Bytes [28, F8, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtCreateFile + B 7707424F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtMapViewOfSection + 6 7707499A 4 Bytes [28, FB, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtMapViewOfSection + B 7707499F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenFile + 6 77074A2A 4 Bytes [68, F8, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenFile + B 77074A2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenProcess + 6 77074AAA 4 Bytes [A8, F9, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenProcess + B 77074AAF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenProcessToken + B 77074ABF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenProcessTokenEx + 6 77074ACA 4 Bytes [A8, FA, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenProcessTokenEx + B 77074ACF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenThread + 6 77074B1A 4 Bytes [68, F9, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenThread + B 77074B1F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenThreadToken + 6 77074B2A 4 Bytes [68, FA, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenThreadToken + B 77074B2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtOpenThreadTokenEx + B 77074B3F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtQueryAttributesFile + 6 77074BCA 4 Bytes [A8, F8, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtQueryAttributesFile + B 77074BCF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtQueryFullAttributesFile + B 77074C7F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtSetInformationFile + 6 7707515A 4 Bytes [28, F9, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtSetInformationFile + B 7707515F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtSetInformationThread + 6 770751AA 4 Bytes [28, FA, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtSetInformationThread + B 770751AF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtUnmapViewOfSection + 6 7707544A 4 Bytes [68, FB, 65, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ntdll.dll!NtUnmapViewOfSection + B 7707544F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[8848] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtCreateFile + 6 7707424A 4 Bytes [28, 60, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtCreateFile + B 7707424F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtMapViewOfSection + 6 7707499A 4 Bytes [28, 63, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtMapViewOfSection + B 7707499F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenFile + 6 77074A2A 4 Bytes [68, 60, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenFile + B 77074A2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenProcess + 6 77074AAA 4 Bytes [A8, 61, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenProcess + B 77074AAF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenProcessToken + B 77074ABF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenProcessTokenEx + 6 77074ACA 4 Bytes [A8, 62, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenProcessTokenEx + B 77074ACF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenThread + 6 77074B1A 4 Bytes [68, 61, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenThread + B 77074B1F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenThreadToken + 6 77074B2A 4 Bytes [68, 62, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenThreadToken + B 77074B2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtOpenThreadTokenEx + B 77074B3F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtQueryAttributesFile + 6 77074BCA 4 Bytes [A8, 60, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtQueryAttributesFile + B 77074BCF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtQueryFullAttributesFile + B 77074C7F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtSetInformationFile + 6 7707515A 4 Bytes [28, 61, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtSetInformationFile + B 7707515F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtSetInformationThread + 6 770751AA 4 Bytes [28, 62, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtSetInformationThread + B 770751AF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtUnmapViewOfSection + 6 7707544A 4 Bytes [68, 63, 4F, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ntdll.dll!NtUnmapViewOfSection + B 7707544F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9176] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtCreateFile + 6 7707424A 4 Bytes [28, 10, 22, 00] {SUB [EAX], DL; AND AL, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtCreateFile + B 7707424F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtMapViewOfSection + 6 7707499A 4 Bytes [28, 13, 22, 00] {SUB [EBX], DL; AND AL, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtMapViewOfSection + B 7707499F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenFile + 6 77074A2A 4 Bytes [68, 10, 22, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenFile + B 77074A2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenProcess + 6 77074AAA 4 Bytes [A8, 11, 22, 00] {TEST AL, 0x11; AND AL, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenProcess + B 77074AAF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenProcessToken + B 77074ABF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenProcessTokenEx + 6 77074ACA 4 Bytes [A8, 12, 22, 00] {TEST AL, 0x12; AND AL, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenProcessTokenEx + B 77074ACF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenThread + 6 77074B1A 4 Bytes [68, 11, 22, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenThread + B 77074B1F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenThreadToken + 6 77074B2A 4 Bytes [68, 12, 22, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenThreadToken + B 77074B2F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtOpenThreadTokenEx + B 77074B3F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtQueryAttributesFile + 6 77074BCA 4 Bytes [A8, 10, 22, 00] {TEST AL, 0x10; AND AL, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtQueryAttributesFile + B 77074BCF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtQueryFullAttributesFile + B 77074C7F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtSetInformationFile + 6 7707515A 4 Bytes [28, 11, 22, 00] {SUB [ECX], DL; AND AL, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtSetInformationFile + B 7707515F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtSetInformationThread + 6 770751AA 4 Bytes [28, 12, 22, 00] {SUB [EDX], DL; AND AL, [EAX]} .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtSetInformationThread + B 770751AF 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtUnmapViewOfSection + 6 7707544A 4 Bytes [68, 13, 22, 00] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ntdll.dll!NtUnmapViewOfSection + B 7707544F 1 Byte [E2] .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9392] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] CRYPT32.dll!CertDuplicateCRLContext + 5A 74EC816D 7 Bytes JMP 037DEE40 .text C:\Users\Bartek\AppData\Local\Google\Chrome\Application\chrome.exe[9496] CRYPT32.dll!I_CryptFreeLruCache + 1E4 74ECD402 7 Bytes JMP 037DEEB0 .text C:\Users\Bartek\Desktop\OTL.exe[10228] ntdll.dll!LdrLoadDll 77039378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] ntdll.dll!LdrUnloadDll 7704B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] ntdll.dll!NtAlpcSendWaitReceivePort 770740E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] ntdll.dll!NtClose 77074184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] kernel32.dll!CreateProcessW 76DD1BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] kernel32.dll!CreateProcessA 76DD1C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] GDI32.dll!DeleteDC 767A68CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] GDI32.dll!CreateDCW 767AA91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] GDI32.dll!CreateDCA 767AAA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] GDI32.dll!GetPixel 767ABE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] ADVAPI32.dll!CreateProcessAsUserA 76F4CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\Desktop\OTL.exe[10228] ADVAPI32.dll!CreateProcessAsUserW 76F61EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [71257817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7129B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7125BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7124F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [712575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7124E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [712873F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7125DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7124FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7124FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [712471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [712DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7127C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7124D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [71246853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7124687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3348] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [71252AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 85D251F8 Device \Driver\volmgr \Device\VolMgrControl 85D211F8 Device \Driver\usbohci \Device\USBPDO-0 86FC91F8 Device \Driver\usbohci \Device\USBPDO-1 86FC91F8 Device \Driver\usbehci \Device\USBPDO-2 86FC7500 Device \Driver\usbohci \Device\USBPDO-3 86FC91F8 Device \Driver\usbohci \Device\USBPDO-4 86FC91F8 AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys Device \Driver\usbehci \Device\USBPDO-5 86FC7500 Device \Driver\volmgr \Device\HarddiskVolume1 85D211F8 Device \Driver\volmgr \Device\HarddiskVolume2 85D211F8 Device \Driver\netbt \Device\NetBT_Tcpip_{6685B23C-404C-4322-AA9B-24213C781381} 87D651F8 Device \Driver\cdrom \Device\CdRom0 86F60500 Device \Driver\volmgr \Device\HarddiskVolume3 85D211F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85D231F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 85D231F8 Device \Driver\atapi \Device\Ide\IdePort0 85D231F8 Device \Driver\atapi \Device\Ide\IdePort1 85D231F8 Device \Driver\atapi \Device\Ide\IdePort2 85D231F8 Device \Driver\atapi \Device\Ide\IdePort3 85D231F8 Device \Driver\atapi \Device\Ide\IdePort4 85D231F8 Device \Driver\atapi \Device\Ide\IdePort5 85D231F8 Device \Driver\atapi \Device\Ide\IdePort6 85D231F8 Device \Driver\atapi \Device\Ide\IdePort7 85D231F8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 85D241F8 Device \Driver\msahci \Device\Ide\PciIde0Channel1 85D241F8 Device \Driver\msahci \Device\Ide\PciIde0Channel2 85D241F8 Device \Driver\msahci \Device\Ide\PciIde0Channel3 85D241F8 Device \Driver\msahci \Device\Ide\PciIde0Channel4 85D241F8 Device \Driver\msahci \Device\Ide\PciIde0Channel5 85D241F8 Device \Driver\netbt \Device\NetBT_Tcpip_{21112D84-5F80-4067-9103-43F7228AA682} 87D651F8 Device \Driver\netbt \Device\NetBt_Wins_Export 87D651F8 Device \Driver\netbt \Device\NetBT_Tcpip_{BBF4B183-BA5B-479E-9AF0-95DC8D13AC34} 87D651F8 Device \Driver\Smb \Device\NetbiosSmb 87D2D1F8 Device \Driver\iScsiPrt \Device\RaidPort0 870131F8 AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys Device \Driver\usbohci \Device\USBFDO-0 86FC91F8 Device \Driver\usbohci \Device\USBFDO-1 86FC91F8 Device \Driver\usbehci \Device\USBFDO-2 86FC7500 Device \Driver\usbohci \Device\USBFDO-3 86FC91F8 Device \Driver\usbohci \Device\USBFDO-4 86FC91F8 Device \Driver\usbehci \Device\USBFDO-5 86FC7500 Device \FileSystem\cdfs \Cdfs 897E71F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87033698]<< 87033698 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f4b030] 85f4b030 Trace 3 CLASSPNP.SYS[8af118b3] -> nt!IofCallDriver -> [0x87007e00] 87007e00 Trace \Driver\00001299[0x87007f38] -> IRP_MJ_CREATE -> 0x87033698 87033698 ---- Modules - GMER 2.1 ---- Module (noname) (*** hidden *** ) 8F439000-8F453000 (106496 bytes) ---- Processes - GMER 2.1 ---- Process C:\Windows\System32\svchost.exe (*** hidden *** ) 4120 Process svchost.exe (*** hidden *** ) 7200 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037aa4de35 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0x26 0xFA 0x9F ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00037aa4de35 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0x26 0xFA 0x9F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x89 0x99 0x14 0x79 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4F 0x2B 0x9B 0xAC ... ---- Files - GMER 2.1 ---- File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\294203DD-E3E2-44AB-8FFF-BF626409440A.data 70207 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\294203DD-E3E2-44AB-8FFF-BF626409440A.data.info 94 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2F4F44B4-7C5E-4654-8513-FBC54549FD2E.data 195072 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2F4F44B4-7C5E-4654-8513-FBC54549FD2E.data.info 170 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\5AC5460B-8EBA-4546-87FE-9A71753B1482.data 1211 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\5AC5460B-8EBA-4546-87FE-9A71753B1482.data.info 76 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\87386723-F580-4AA9-B5AB-5806B942D98C.data 1152337 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\87386723-F580-4AA9-B5AB-5806B942D98C.data.info 234 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A78834C4-4CEB-42FE-B58B-E73A0E5C8708.data 578043 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A78834C4-4CEB-42FE-B58B-E73A0E5C8708.data.info 286 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A8207A02-F0FB-4188-8F24-7EA231C591FE.data 384335 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A8207A02-F0FB-4188-8F24-7EA231C591FE.data.info 152 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AA9C40F5-8F6C-40EC-B322-4890631D0CB2.data 117760 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AA9C40F5-8F6C-40EC-B322-4890631D0CB2.data.info 98 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AFAE7393-B001-4A68-BB60-D379D457364C.data 643435 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AFAE7393-B001-4A68-BB60-D379D457364C.data.info 284 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B389F68F-7346-4AE9-BC45-ADF86B2EC674.data 37863604 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B389F68F-7346-4AE9-BC45-ADF86B2EC674.data.info 162 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\CB23B507-9ECE-470F-866D-8749B79C9DDF.data 49152 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\CB23B507-9ECE-470F-866D-8749B79C9DDF.data.info 80 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\D5A659F0-0BD5-4C09-849E-1681A00ED590.data 61883 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\D5A659F0-0BD5-4C09-849E-1681A00ED590.data.info 176 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes File C:\Users\Bartek\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00fe8a 59307 bytes File C:\Windows\$NtUninstallKB32880$\2821335130 0 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\@ 2048 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\Desktop.ini 4608 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\L 0 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\L\00000004.@ 804 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\L\201d3dde 155 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\L\76603ac3 0 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\L\qnbwvoto 64128 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\U 0 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\U\00000004.@ 2048 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\U\00000008.@ 1024 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\U\000000cb.@ 1632 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\U\80000000.@ 11776 bytes File C:\Windows\$NtUninstallKB32880$\2821335130\U\80000032.@ 96768 bytes File C:\Windows\$NtUninstallKB32880$\3207693406 0 bytes