GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-29 23:09:10 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVS-26VAT0 rev.11.01A11 298,09GB Running: gmer.exe; Driver: C:\Users\Bartek\AppData\Local\Temp\kwddypow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0x8F8C2FB0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAlpcConnectPort [0x8F8C319C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0x8F8C2310] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0x8F8C2C16] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0x8F8C29CA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0x8F8C3D14] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0x8F8C1CFC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0x8F8C3746] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0x8F8C25D8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0x8F8C2DF2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0x8F8C2872] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0x8F8C3A32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0x8F8C2542] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0x8F8C275E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0x8F8C2112] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0x8F8C1F00] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThreadEx [0x8F8C33CA] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 119 828B87DC 4 Bytes [B0, 2F, 8C, 8F] .text ntkrnlpa.exe!KeSetEvent + 13D 828B8800 4 Bytes [9C, 31, 8C, 8F] .text ntkrnlpa.exe!KeSetEvent + 1C1 828B8884 4 Bytes [10, 23, 8C, 8F] .text ntkrnlpa.exe!KeSetEvent + 1D9 828B889C 4 Bytes [16, 2C, 8C, 8F] .text ntkrnlpa.exe!KeSetEvent + 215 828B88D8 4 Bytes [CA, 29, 8C, 8F] .text ... .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AD53480, 0x3C939, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AD94900, 0x3CA, 0x48000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC06000, 0x2311A4, 0xE8000020] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9D87B300, 0x3AE88, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9D8BE300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\spoolsv.exe[184] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\spoolsv.exe[184] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\csrss.exe[724] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 76221BA0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[724] ntdll.dll!NtReplyWaitReceivePort 77C94F74 5 Bytes JMP 76221450 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[724] ntdll.dll!NtReplyWaitReceivePortEx 77C94F84 5 Bytes JMP 762217F0 C:\Windows\system32\cmdcsr.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[784] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!RegisterRawInputDevices 76E86161 5 Bytes JMP 10018F00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SetWindowsHookExA 76E86322 5 Bytes JMP 1001CB20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SystemParametersInfoA 76E882E1 7 Bytes JMP 1001C690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!GetAsyncKeyState 76E8863C 5 Bytes JMP 10019120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SetWindowsHookExW 76E887AD 5 Bytes JMP 1001C8B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendNotifyMessageW 76E893D6 5 Bytes JMP 1001A160 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!MoveWindow 76E8989F 5 Bytes JMP 10018C20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SetWinEventHook 76E89F3A 5 Bytes JMP 1001C160 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SetParent 76E8A2AA 5 Bytes JMP 10018980 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!PostThreadMessageA 76E8BD34 5 Bytes JMP 1001B980 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!GetKeyboardState 76E8BD7D 5 Bytes JMP 10019680 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!RegisterHotKey 76E8BDA5 5 Bytes JMP 10018140 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!EnableWindow 76E8CD8B 5 Bytes JMP 10017EA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!PostMessageA 76E8F8F8 5 Bytes JMP 1001BEC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendMessageA 76E8F956 5 Bytes JMP 1001B440 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendMessageTimeoutW 76E9352D 5 Bytes JMP 1001AC20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendMessageCallbackW 76E94570 5 Bytes JMP 1001A6A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!PostThreadMessageW 76E97C8E 5 Bytes JMP 1001B6E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!GetKeyState 76E98CB1 5 Bytes JMP 100193D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!PostMessageW 76E9A175 5 Bytes JMP 1001BC20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendMessageW 76EA0AED 5 Bytes JMP 1001B1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SystemParametersInfoW 76EA11D8 7 Bytes JMP 1001C470 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendDlgItemMessageA 76EA275B 5 Bytes JMP 10019EB0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SetClipboardViewer 76EABA2D 5 Bytes JMP 10018780 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendNotifyMessageA 76EADFCF 5 Bytes JMP 1001A400 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!BlockInput 76EAFF0A 5 Bytes JMP 10018580 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendMessageTimeoutA 76EB0006 5 Bytes JMP 1001AEE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!mouse_event 76EB044E 5 Bytes JMP 100297C0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendDlgItemMessageW 76EB0E38 5 Bytes JMP 10019C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendInput 76EB2F75 5 Bytes JMP 10019930 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!GetClipboardData 76EC715A 5 Bytes JMP 10018370 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!ExitWindowsEx 76ECB7C3 5 Bytes JMP 10017C90 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!keybd_event 76EDD972 5 Bytes JMP 100299D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] USER32.dll!SendMessageCallbackA 76EE2CA7 5 Bytes JMP 1001A960 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] GDI32.dll!BitBlt 77A570A6 5 Bytes JMP 10029530 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] GDI32.dll!StretchBlt 77A593D6 5 Bytes JMP 10028D50 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] GDI32.dll!MaskBlt 77A5C5CB 5 Bytes JMP 10029280 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[792] GDI32.dll!PlgBlt 77A6EB50 5 Bytes JMP 10028FF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\csrss.exe[800] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 76221BA0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[800] ntdll.dll!NtReplyWaitReceivePort 77C94F74 5 Bytes JMP 76221450 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[800] ntdll.dll!NtReplyWaitReceivePortEx 77C94F84 5 Bytes JMP 762217F0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\services.exe[844] services.exe 00081628 4 Bytes [20, E2, 01, 10] {AND DL, AH; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[844] services.exe 00081638 4 Bytes [00, DD, 01, 10] {ADD CH, BL; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[844] services.exe 00081658 4 Bytes [40, E5, 01, 10] .text C:\Windows\system32\services.exe[844] services.exe 00081668 4 Bytes [80, DF, 01, 10] .text C:\Windows\system32\services.exe[844] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] RPCRT4.dll!RpcServerRegisterIfEx 7702929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[844] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[860] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[868] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[900] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] RPCRT4.dll!RpcServerRegisterIfEx 7702929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1068] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1084] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] KERNEL32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] KERNEL32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1120] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] RPCRT4.dll!RpcServerRegisterIfEx 7702929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1168] rpcss.dll!WhichService 727D3F84 8 Bytes JMP EDF01001 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1220] ntdll.dll!NtAllocateVirtualMemory 77C93FA4 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1220] ntdll.dll!NtCreateFile 77C94244 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 00E27F40 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 00E1D240 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 00E2B670 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] ntdll.dll!NtClose 77C94184 5 Bytes JMP 00E1D120 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 00E25070 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 00E25C00 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 00E28D10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 00E29D10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 00E29E10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 00E28AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 00E244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1256] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 00E23BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 01FE7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 01FDD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 01FEB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] ntdll.dll!NtClose 77C94184 5 Bytes JMP 01FDD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 01FE5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 01FE5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 01FE8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 01FE9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 01FE9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 01FE8AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 01FE44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1264] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 01FE3BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1296] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1332] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1348] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[1400] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1424] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] RPCRT4.dll!RpcServerRegisterIfEx 7702929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1456] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] RPCRT4.dll!RpcServerRegisterIfEx 7702929C 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1464] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[1528] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1552] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 00E47F40 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 00E3D240 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 00E4B670 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] ntdll.dll!NtClose 77C94184 5 Bytes JMP 00E3D120 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 00E45070 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 00E45C00 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 00E444D0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 00E43BA0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 00E48D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 00E49D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 00E49E10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1572] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 00E48AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1628] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Ati2evxx.exe[1744] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1756] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[2012] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] KERNEL32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] KERNEL32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproSvc.exe[2076] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2196] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\TODDSrv.exe[2216] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 00DD7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 00DCD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 00DDB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] ntdll.dll!NtClose 77C94184 5 Bytes JMP 00DCD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 00DD5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 00DD5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 00DD44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 00DD3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 00DD8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 00DD9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 00DD9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2244] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 00DD8AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2308] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2324] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 001F7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 001ED240 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 001FB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] ntdll.dll!NtClose 77C94184 5 Bytes JMP 001ED120 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 001F5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 001F5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 001F44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 001F3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 001F8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 001F9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 001F9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\CoreCom.exe[2348] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 001F8AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2364] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 003B7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 003AD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 003BB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] ntdll.dll!NtClose 77C94184 5 Bytes JMP 003AD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 003B5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 003B5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 003B8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 003B9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 003B9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 003B8AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 003B44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[2372] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 003B3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2388] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2420] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\MIHDBG.exe[2536] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 014C7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 014BD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 014CB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] ntdll.dll!NtClose 77C94184 5 Bytes JMP 014BD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 014C5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 014C5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 014C8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 014C9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 014C9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 014C8AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 014C44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe[2616] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 014C3BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[2648] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2828] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2948] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3060] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[3072] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\CoreCom\OraConfigRecover.exe[3096] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3104] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[3116] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskeng.exe[3192] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3408] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[3472] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\RtHDVCpl.exe[3564] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3584] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[3592] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Comodo\COMODO Internet Security\cfp.exe[3616] ntdll.dll!NtAllocateVirtualMemory 77C93FA4 5 Bytes JMP 00780630 C:\Program Files\Comodo\COMODO Internet Security\cfp.exe .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe[3672] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 00267F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 0025D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 0026B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] ntdll.dll!NtClose 77C94184 5 Bytes JMP 0025D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 00265070 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 00265C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 00268D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 00269D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 00269E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 00268AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 002644D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\connectivity\connectivitymanager.exe[3684] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 00263BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 01C27F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 01C1D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 01C2B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] ntdll.dll!NtClose 77C94184 5 Bytes JMP 01C1D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 01C25070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 01C25C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 01C244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 01C23BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 01C28D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 01C29D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 01C29E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3696] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 01C28AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\unsecapp.exe[3704] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3712] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 01AE7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 01ADD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 01AEB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] ntdll.dll!NtClose 77C94184 5 Bytes JMP 01ADD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 01AE5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 01AE5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 01AE8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 01AE9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 01AE9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 01AE8AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 01AE44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3724] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 01AE3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 003C7F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 003BD240 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 003CB670 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] ntdll.dll!NtClose 77C94184 5 Bytes JMP 003BD120 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 003C5070 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 003C5C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 003C8D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 003C9D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 003C9E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 003C8AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 003C44D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\systray\systrayapp.exe[3732] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 003C3BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[3744] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] KERNEL32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] KERNEL32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba TEMPRO\TemproTray.exe[3808] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3816] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 00267F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 0025D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 0026B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] ntdll.dll!NtClose 77C94184 5 Bytes JMP 0025D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 00265070 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 00265C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 002644D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 00263BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 00268D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 00269D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 00269E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Livebox\Launcher\Launcher.exe[3896] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 00268AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4032] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4188] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 01B67F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 01B5D240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 01B6B670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] ntdll.dll!NtClose 77C94184 5 Bytes JMP 01B5D120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 01B65070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 01B65C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 01B68D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 01B69D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 01B69E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 01B68AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 01B644D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4244] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 01B63BA0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[4260] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 01C07F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 01BFD240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 01C0B670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] ntdll.dll!NtClose 77C94184 5 Bytes JMP 01BFD120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 01C05070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 01C05C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 01C08D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 01C09D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 01C09E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 01C08AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 01C044D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[4324] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 01C03BA0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 019C7F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 019BD240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 019CB670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] ntdll.dll!NtClose 77C94184 5 Bytes JMP 019BD120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 019C5070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 019C5C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 019C8D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 019C9D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 019C9E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 019C8AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 019C44D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[4452] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 019C3BA0 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text E:\programy\gmer\gmer.exe[4640] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 003A7F40 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 0039D240 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 003AB670 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] ntdll.dll!NtClose 77C94184 5 Bytes JMP 0039D120 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 003A5070 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 003A5C00 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 003A8D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 003A9D10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 003A9E10 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 003A8AE0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 003A44D0 C:\Windows\system32\guard32.dll .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[4672] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 003A3BA0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] ntdll.dll!NtClose 77C94184 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Bartek\AppData\Roaming\Dropbox\bin\Dropbox.exe[4844] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] ntdll.dll!LdrLoadDll 77C59378 5 Bytes JMP 01C97F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] ntdll.dll!LdrUnloadDll 77C6B680 7 Bytes JMP 01C8D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] ntdll.dll!NtAlpcSendWaitReceivePort 77C940E4 3 Bytes JMP 01C9B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77C940E8 1 Byte [8A] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] ntdll.dll!NtClose 77C94184 5 Bytes JMP 01C8D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] kernel32.dll!CreateProcessW 77441BF3 5 Bytes JMP 01C95070 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] kernel32.dll!CreateProcessA 77441C28 5 Bytes JMP 01C95C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] GDI32.dll!DeleteDC 77A568CD 5 Bytes JMP 01C98D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] GDI32.dll!CreateDCW 77A5A91D 5 Bytes JMP 01C99D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] GDI32.dll!CreateDCA 77A5AA49 5 Bytes JMP 01C99E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] GDI32.dll!GetPixel 77A5BE90 5 Bytes JMP 01C98AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] ADVAPI32.dll!CreateProcessAsUserA 76F2CEB9 5 Bytes JMP 01C944D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe[5308] ADVAPI32.dll!CreateProcessAsUserW 76F41EE9 5 Bytes JMP 01C93BA0 C:\Windows\system32\guard32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [71E87817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [71ECB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [71E8BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [71E7F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [71E875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [71E7E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [71EB73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [71E8DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [71E7FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [71E7FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [71E771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [71F0CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [71EAC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [71E7D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [71E76853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [71E7687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.EXE[3116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [71E82AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037aa4de35 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0x26 0xFA 0x9F ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00037aa4de35 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xED 0x26 0xFA 0x9F ... ---- Files - GMER 2.1 ---- File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7A98D24C-0985-44B9-A9BD-DD1F0F1DD100.data 4608 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1AD64D52-9BA0-4AF5-95F4-2E1CEFB8C75D.data 1632 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1AD64D52-9BA0-4AF5-95F4-2E1CEFB8C75D.data.info 198 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\294203DD-E3E2-44AB-8FFF-BF626409440A.data 70207 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\294203DD-E3E2-44AB-8FFF-BF626409440A.data.info 94 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2F4F44B4-7C5E-4654-8513-FBC54549FD2E.data 195072 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2F4F44B4-7C5E-4654-8513-FBC54549FD2E.data.info 170 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4A170BB0-5B3F-4EF2-9489-C11B1F4B156B.data 11776 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4A170BB0-5B3F-4EF2-9489-C11B1F4B156B.data.info 198 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4B2DD4B8-ED71-4D35-8616-240CAA1473E2.data 804 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4B2DD4B8-ED71-4D35-8616-240CAA1473E2.data.info 200 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\5AC5460B-8EBA-4546-87FE-9A71753B1482.data 1211 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\5AC5460B-8EBA-4546-87FE-9A71753B1482.data.info 76 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AA9C40F5-8F6C-40EC-B322-4890631D0CB2.data 117760 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AA9C40F5-8F6C-40EC-B322-4890631D0CB2.data.info 98 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AFAE7393-B001-4A68-BB60-D379D457364C.data 643435 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AFAE7393-B001-4A68-BB60-D379D457364C.data.info 284 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B389F68F-7346-4AE9-BC45-ADF86B2EC674.data 37863604 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B389F68F-7346-4AE9-BC45-ADF86B2EC674.data.info 162 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\CB23B507-9ECE-470F-866D-8749B79C9DDF.data 49152 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\CB23B507-9ECE-470F-866D-8749B79C9DDF.data.info 80 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\D5A659F0-0BD5-4C09-849E-1681A00ED590.data 61883 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\D5A659F0-0BD5-4C09-849E-1681A00ED590.data.info 176 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\EE30EE97-D508-4689-88AC-82EAA83F1C4A.data 2048 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\EE30EE97-D508-4689-88AC-82EAA83F1C4A.data.info 200 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7A98D24C-0985-44B9-A9BD-DD1F0F1DD100.data.info 200 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\87386723-F580-4AA9-B5AB-5806B942D98C.data 1152337 bytes executable File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\87386723-F580-4AA9-B5AB-5806B942D98C.data.info 234 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A2DB8EC4-42B7-4938-8672-C8E4B183024B.data 96768 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A2DB8EC4-42B7-4938-8672-C8E4B183024B.data.info 200 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A78834C4-4CEB-42FE-B58B-E73A0E5C8708.data 578043 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A78834C4-4CEB-42FE-B58B-E73A0E5C8708.data.info 286 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A8207A02-F0FB-4188-8F24-7EA231C591FE.data 384335 bytes File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A8207A02-F0FB-4188-8F24-7EA231C591FE.data.info 152 bytes ---- EOF - GMER 2.1 ----