GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-15 21:33:01 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003 232,89GB Running: 3349x8zs.exe; Driver: C:\Users\Dorota\AppData\Local\Temp\kwrdrpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0x8AB5B230] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwAlpcConnectPort [0x8AB5B41C] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwConnectPort [0x8AB5A590] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateFile [0x8AB5AE96] SSDT 8ED984C0 ZwCreateKey SSDT 8ED975C0 ZwCreateProcess SSDT 8ED978C0 ZwCreateProcessEx SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateSection [0x8AB5AC4A] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0x8AB5BF94] SSDT 8ED99460 ZwCreateThread SSDT 8ED99640 ZwCreateThreadEx SSDT 8ED97BC0 ZwCreateUserProcess SSDT 8ED98AC0 ZwDeleteKey SSDT 8ED98DC0 ZwDeleteValueKey SSDT 8ED99820 ZwLoadDriver SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0x8AB5A858] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwOpenFile [0x8AB5B072] SSDT 8ED97EC0 ZwOpenProcess SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwOpenSection [0x8AB5AAF2] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0x8AB5BCB2] SSDT 8ED987C0 ZwSetValueKey SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwShutdownSystem [0x8AB5A7C2] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0x8AB5A9DE] SSDT 8ED981C0 ZwTerminateProcess SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwTerminateThread [0x8AB5A180] SSDT 8ED99280 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 81E49599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E6E092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 220 81E75870 4 Bytes [30, B2, B5, 8A] .text ntkrnlpa.exe!RtlSidHashLookup + 248 81E75898 4 Bytes [1C, B4, B5, 8A] {SBB AL, 0xb4; MOV CH, 0x8a} .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 81E7592C 4 Bytes [90, A5, B5, 8A] {NOP ; MOVSD ; MOV CH, 0x8a} .text ntkrnlpa.exe!RtlSidHashLookup + 2F8 81E75948 4 Bytes [96, AE, B5, 8A] {XCHG ESI, EAX; SCASB ; MOV CH, 0x8a} .text ntkrnlpa.exe!RtlSidHashLookup + 308 81E75958 4 Bytes [C0, 84, D9, 8E] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[348] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\csrss.exe[440] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 5 Bytes JMP 75501EB0 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\csrss.exe[440] ntdll.dll!NtReplyWaitReceivePort 77365500 5 Bytes JMP 755015D0 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\csrss.exe[440] ntdll.dll!NtReplyWaitReceivePortEx 77365510 5 Bytes JMP 75501A40 C:\Windows\system32\cmdcsr.dll .text C:\windows\System32\svchost.exe[456] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[456] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\System32\svchost.exe[456] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[456] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\System32\svchost.exe[456] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\System32\svchost.exe[456] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\System32\svchost.exe[456] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\System32\svchost.exe[456] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\System32\svchost.exe[456] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\System32\svchost.exe[456] 
USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\System32\svchost.exe[456] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\System32\svchost.exe[456] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\System32\svchost.exe[456] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\System32\svchost.exe[456] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\System32\svchost.exe[456] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\System32\svchost.exe[456] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] 
GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[464] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\wininit.exe[496] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[496] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [14, 71] {ADC AL, 0x71} .text C:\windows\system32\wininit.exe[496] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[496] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\wininit.exe[496] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\wininit.exe[496] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\wininit.exe[496] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\wininit.exe[496] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\wininit.exe[496] USER32.dll!RegisterRawInputDevices 75BE5C2F 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[496] USER32.dll!RegisterRawInputDevices + 4 75BE5C33 2 Bytes [35, 71] .text C:\windows\system32\wininit.exe[496] USER32.dll!SystemParametersInfoA 75BE7E90 6 Bytes JMP 7121000A .text C:\windows\system32\wininit.exe[496] USER32.dll!EnableWindow 75BEA72E 6 Bytes JMP 711B000A .text C:\windows\system32\wininit.exe[496] USER32.dll!MoveWindow 75BEA8C4 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[496] USER32.dll!MoveWindow + 4 75BEA8C8 2 Bytes [2F, 71] .text C:\windows\system32\wininit.exe[496] USER32.dll!GetAsyncKeyState 75BEC09A 6 Bytes JMP 7139000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SetParent 75BEC696 3 Bytes [FF, 25, 1E] .text 
C:\windows\system32\wininit.exe[496] USER32.dll!SetParent + 4 75BEC69A 2 Bytes [32, 71] .text C:\windows\system32\wininit.exe[496] USER32.dll!RegisterHotKey 75BEC8F9 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[496] USER32.dll!RegisterHotKey + 4 75BEC8FD 2 Bytes [23, 71] .text C:\windows\system32\wininit.exe[496] USER32.dll!PostThreadMessageA 75BECBD1 6 Bytes JMP 7166000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageA 75BECC28 6 Bytes JMP 7160000A .text C:\windows\system32\wininit.exe[496] USER32.dll!PostMessageA 75BED656 6 Bytes JMP 716C000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SendNotifyMessageW 75BEEB65 6 Bytes JMP 714B000A .text C:\windows\system32\wininit.exe[496] USER32.dll!PostThreadMessageW 75BEECDE 6 Bytes JMP 7163000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SystemParametersInfoW 75BEEEE1 6 Bytes JMP 711E000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7172000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageTimeoutW 75BF313E 6 Bytes JMP 7157000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageCallbackW 75BF4DFC 6 Bytes JMP 7151000A .text C:\windows\system32\wininit.exe[496] USER32.dll!GetKeyState 75BF4FDA 6 Bytes JMP 713C000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 716F000A .text C:\windows\system32\wininit.exe[496] USER32.dll!PostMessageW 75BF6225 6 Bytes JMP 7169000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageW 75BF764C 6 Bytes JMP 715D000A .text C:\windows\system32\wininit.exe[496] USER32.dll!GetClipboardData 75C04B47 6 Bytes JMP 7127000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SendNotifyMessageA 75C067B4 6 Bytes JMP 714E000A .text C:\windows\system32\wininit.exe[496] USER32.dll!mouse_event 75C08146 6 Bytes JMP 7178000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SetClipboardViewer 75C08F4D 3 Bytes [FF, 25, 1E] 
.text C:\windows\system32\wininit.exe[496] USER32.dll!SetClipboardViewer + 4 75C08F51 2 Bytes [2C, 71] {SUB AL, 0x71} .text C:\windows\system32\wininit.exe[496] USER32.dll!SendDlgItemMessageA 75C0914D 6 Bytes JMP 7148000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SendDlgItemMessageW 75C14CFE 6 Bytes JMP 7145000A .text C:\windows\system32\wininit.exe[496] USER32.dll!GetKeyboardState 75C16B3E 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[496] USER32.dll!GetKeyboardState + 4 75C16B42 2 Bytes [3E, 71] .text C:\windows\system32\wininit.exe[496] USER32.dll!BlockInput 75C16C84 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[496] USER32.dll!BlockInput + 4 75C16C88 2 Bytes [29, 71] .text C:\windows\system32\wininit.exe[496] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7175000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageTimeoutA 75C16E97 6 Bytes JMP 715A000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SendInput 75C17055 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[496] USER32.dll!SendInput + 4 75C17059 2 Bytes [41, 71] .text C:\windows\system32\wininit.exe[496] USER32.dll!ExitWindowsEx 75C306EF 6 Bytes JMP 7118000A .text C:\windows\system32\wininit.exe[496] USER32.dll!keybd_event 75C3EC9B 6 Bytes JMP 717B000A .text C:\windows\system32\wininit.exe[496] USER32.dll!SendMessageCallbackA 75C43EEB 6 Bytes JMP 7154000A .text C:\windows\system32\wininit.exe[496] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\wininit.exe[496] GDI32.dll!BitBlt 77027180 6 Bytes JMP 7187000A .text C:\windows\system32\wininit.exe[496] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\wininit.exe[496] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\wininit.exe[496] GDI32.dll!MaskBlt 7702C681 6 Bytes JMP 7184000A .text C:\windows\system32\wininit.exe[496] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text 
C:\windows\system32\wininit.exe[496] GDI32.dll!StretchBlt 7702F418 6 Bytes JMP 717E000A .text C:\windows\system32\wininit.exe[496] GDI32.dll!PlgBlt 77040900 6 Bytes JMP 7181000A .text C:\windows\system32\wininit.exe[496] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\csrss.exe[504] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 5 Bytes JMP 75501EB0 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\csrss.exe[504] ntdll.dll!NtReplyWaitReceivePort 77365500 5 Bytes JMP 755015D0 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\csrss.exe[504] ntdll.dll!NtReplyWaitReceivePortEx 77365510 5 Bytes JMP 75501A40 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\services.exe[612] services.exe 00341608 4 Bytes [70, 39, 01, 10] {JO 0x3b; ADD [EAX], EDX} .text C:\windows\system32\services.exe[612] services.exe 00341618 4 Bytes [50, 3D, 01, 10] .text C:\windows\system32\services.exe[612] services.exe 00341638 4 Bytes [D0, 36, 01, 10] {SAL BYTE [ESI], 0x1; ADD [EAX], EDX} .text C:\windows\system32\services.exe[612] services.exe 00341648 4 Bytes [70, 3B, 01, 10] {JO 0x3d; ADD [EAX], EDX} .text C:\windows\system32\services.exe[612] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\services.exe[612] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7A, 71] {JP 0x73} .text C:\windows\system32\services.exe[612] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\services.exe[612] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\services.exe[612] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\services.exe[612] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\services.exe[612] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\services.exe[612] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text 
C:\windows\system32\services.exe[612] RPCRT4.dll!RpcServerRegisterIfEx 774C2640 6 Bytes JMP 7193000A .text C:\windows\system32\services.exe[612] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7181000A .text C:\windows\system32\services.exe[612] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 717E000A .text C:\windows\system32\services.exe[612] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7184000A .text C:\windows\system32\services.exe[612] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 7187000A .text C:\windows\system32\services.exe[612] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7190000A .text C:\windows\system32\services.exe[612] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 718D000A .text C:\windows\system32\services.exe[612] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718A000A .text C:\windows\system32\services.exe[612] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\lsass.exe[624] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\lsass.exe[624] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\lsass.exe[624] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\lsass.exe[624] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\lsass.exe[624] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\lsass.exe[624] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\lsass.exe[624] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\lsass.exe[624] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\lsass.exe[624] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\lsass.exe[624] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\lsass.exe[624] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text 
C:\windows\system32\lsass.exe[624] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\lsass.exe[624] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\lsass.exe[624] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\lsass.exe[624] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\lsass.exe[624] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\lsm.exe[632] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\lsm.exe[632] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\lsm.exe[632] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\lsm.exe[632] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\lsm.exe[632] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\lsm.exe[632] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\lsm.exe[632] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\lsm.exe[632] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\lsm.exe[632] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\lsm.exe[632] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\lsm.exe[632] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\lsm.exe[632] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\lsm.exe[632] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\lsm.exe[632] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\lsm.exe[632] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\lsm.exe[632] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text 
C:\windows\System32\svchost.exe[708] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[708] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\System32\svchost.exe[708] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[708] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\System32\svchost.exe[708] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\System32\svchost.exe[708] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\System32\svchost.exe[708] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\System32\svchost.exe[708] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\System32\svchost.exe[708] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\System32\svchost.exe[708] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\System32\svchost.exe[708] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\System32\svchost.exe[708] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\System32\svchost.exe[708] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\System32\svchost.exe[708] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\System32\svchost.exe[708] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\System32\svchost.exe[708] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[756] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[756] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7A, 71] {JP 0x73} .text C:\windows\system32\svchost.exe[756] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[756] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 
71] .text C:\windows\system32\svchost.exe[756] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[756] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[756] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[756] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[756] RPCRT4.dll!RpcServerRegisterIfEx 774C2640 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[756] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[756] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 717E000A .text C:\windows\system32\svchost.exe[756] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[756] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[756] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[756] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[756] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[756] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[832] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[832] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7A, 71] {JP 0x73} .text C:\windows\system32\svchost.exe[832] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[832] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[832] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[832] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 
719C000A .text C:\windows\system32\svchost.exe[832] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[832] RPCRT4.dll!RpcServerRegisterIfEx 774C2640 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[832] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[832] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 717E000A .text C:\windows\system32\svchost.exe[832] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[832] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[832] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[832] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[832] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[832] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[832] rpcss.dll!CoGetComCatalog 749F3A14 8 Bytes [10, 33, 01, 10, D0, 30, 01, ...] 
{ADC [EBX], DH; ADD [EAX], EDX; SAL BYTE [EAX], 0x1; ADD [EAX], EDX} .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[880] ntdll.dll!NtAllocateVirtualMemory 773643C0 5 Bytes JMP 00F53FD0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[880] ntdll.dll!NtCreateFile 773646B0 5 Bytes JMP 00F8DB90 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\windows\system32\svchost.exe[916] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[916] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[916] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[916] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[916] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[916] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[916] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[916] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[916] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[916] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[916] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[916] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[916] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[916] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[916] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[916] 
ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[948] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[948] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[948] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[948] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[948] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[948] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[948] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[948] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[948] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[948] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[948] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[948] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[948] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[948] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[948] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[964] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[964] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[964] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text 
C:\windows\system32\svchost.exe[964] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[964] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[964] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[964] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[964] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[964] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[964] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[964] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[964] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[964] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\System32\svchost.exe[1016] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1016] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\System32\svchost.exe[1016] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1016] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\System32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text 
C:\windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\System32\svchost.exe[1016] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\System32\svchost.exe[1016] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\System32\svchost.exe[1016] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\System32\svchost.exe[1016] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\System32\svchost.exe[1016] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\System32\svchost.exe[1016] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\System32\svchost.exe[1060] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1060] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\System32\svchost.exe[1060] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1060] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\System32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\System32\svchost.exe[1060] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 
75C16DFA 6 Bytes JMP 7187000A .text C:\windows\System32\svchost.exe[1060] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\System32\svchost.exe[1060] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\System32\svchost.exe[1060] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\System32\svchost.exe[1060] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[1092] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1092] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7A, 71] {JP 0x73} .text C:\windows\system32\svchost.exe[1092] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1092] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[1092] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[1092] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[1092] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[1092] RPCRT4.dll!RpcServerRegisterIfEx 774C2640 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[1092] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 717E000A .text C:\windows\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[1092] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[1092] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[1092] GDI32.dll!CreateDCW 
7702BD21 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[1092] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[1092] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text c:\Program Files\Common 
Files\Protexis\License Service\PsiService_2.exe[1100] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1100] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\AUDIODG.EXE[1160] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\AUDIODG.EXE[1160] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\AUDIODG.EXE[1160] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\AUDIODG.EXE[1160] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\AUDIODG.EXE[1160] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A7001E .text C:\windows\system32\AUDIODG.EXE[1160] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719E001E .text C:\windows\system32\AUDIODG.EXE[1160] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719B001E .text C:\windows\system32\AUDIODG.EXE[1160] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7195001E .text C:\windows\system32\AUDIODG.EXE[1160] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7183001E .text C:\windows\system32\AUDIODG.EXE[1160] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7180001E .text C:\windows\system32\AUDIODG.EXE[1160] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7186001E .text C:\windows\system32\AUDIODG.EXE[1160] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 7189001E .text C:\windows\system32\AUDIODG.EXE[1160] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7192001E .text C:\windows\system32\AUDIODG.EXE[1160] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 718F001E .text C:\windows\system32\AUDIODG.EXE[1160] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 
718C001E .text C:\windows\system32\AUDIODG.EXE[1160] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7198001E .text C:\windows\system32\svchost.exe[1208] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1208] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[1208] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1208] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[1208] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[1208] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[1208] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[1208] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[1208] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[1208] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[1208] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[1208] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] ntdll.dll!NtAlpcSendWaitReceivePort + 4 
77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1380] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\WLANExt.exe[1532] 
ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\WLANExt.exe[1532] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\WLANExt.exe[1532] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\WLANExt.exe[1532] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\WLANExt.exe[1532] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\WLANExt.exe[1532] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\WLANExt.exe[1532] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\WLANExt.exe[1532] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\WLANExt.exe[1532] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\WLANExt.exe[1532] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\WLANExt.exe[1532] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\WLANExt.exe[1532] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\WLANExt.exe[1532] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\WLANExt.exe[1532] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\WLANExt.exe[1532] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\WLANExt.exe[1532] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\conhost.exe[1540] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\conhost.exe[1540] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\conhost.exe[1540] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\conhost.exe[1540] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text 
C:\windows\system32\conhost.exe[1540] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\conhost.exe[1540] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\conhost.exe[1540] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\conhost.exe[1540] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\conhost.exe[1540] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\conhost.exe[1540] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\conhost.exe[1540] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\conhost.exe[1540] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\conhost.exe[1540] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\conhost.exe[1540] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\conhost.exe[1540] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\conhost.exe[1540] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\System32\spoolsv.exe[1604] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\System32\spoolsv.exe[1604] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\System32\spoolsv.exe[1604] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\System32\spoolsv.exe[1604] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\System32\spoolsv.exe[1604] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\System32\spoolsv.exe[1604] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\System32\spoolsv.exe[1604] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\System32\spoolsv.exe[1604] kernel32.dll!CreateProcessAsUserW 75D379D4 6 
Bytes JMP 7196000A .text C:\windows\System32\spoolsv.exe[1604] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\System32\spoolsv.exe[1604] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\System32\spoolsv.exe[1604] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\System32\spoolsv.exe[1604] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\System32\spoolsv.exe[1604] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\System32\spoolsv.exe[1604] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\System32\spoolsv.exe[1604] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\System32\spoolsv.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[1676] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1676] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7A, 71] {JP 0x73} .text C:\windows\system32\svchost.exe[1676] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1676] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[1676] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[1676] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[1676] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[1676] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[1676] RPCRT4.dll!RpcServerRegisterIfEx 774C2640 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[1676] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 717E000A .text C:\windows\system32\svchost.exe[1676] 
USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[1676] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[1676] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[1676] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[1676] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[1676] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] 
GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\System32\svchost.exe[1980] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1980] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\System32\svchost.exe[1980] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1980] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\System32\svchost.exe[1980] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\System32\svchost.exe[1980] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\System32\svchost.exe[1980] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\System32\svchost.exe[1980] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\System32\svchost.exe[1980] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\System32\svchost.exe[1980] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\System32\svchost.exe[1980] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\System32\svchost.exe[1980] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\System32\svchost.exe[1980] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\System32\svchost.exe[1980] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\System32\svchost.exe[1980] 
GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\System32\svchost.exe[1980] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Windows\System32\AsusService.exe[2028] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\AsusService.exe[2028] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\System32\AsusService.exe[2028] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\AsusService.exe[2028] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Windows\System32\AsusService.exe[2028] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Windows\System32\AsusService.exe[2028] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Windows\System32\AsusService.exe[2028] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Windows\System32\AsusService.exe[2028] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Windows\System32\AsusService.exe[2028] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Windows\System32\AsusService.exe[2028] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Windows\System32\AsusService.exe[2028] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Windows\System32\AsusService.exe[2028] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Windows\System32\AsusService.exe[2028] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Windows\System32\AsusService.exe[2028] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Windows\System32\AsusService.exe[2028] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Windows\System32\AsusService.exe[2028] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text 
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization 
Handler\CVHSVC.EXE[2256] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2256] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[2328] ntdll.dll!NtAllocateVirtualMemory 773643C0 5 Bytes JMP 00381000 C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 
7181000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2416] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[2472] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[2472] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[2472] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[2472] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[2472] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[2472] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[2472] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[2472] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[2472] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[2472] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[2472] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[2472] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[2472] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 
7193000A .text C:\windows\system32\svchost.exe[2472] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[2472] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[2472] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2536] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[2556] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text 
C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2596] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Intel\Intel Matrix Storage 
Manager\IAANTMon.exe[2616] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2616] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 
719C000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2712] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\taskhost.exe[2732] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[2732] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\taskhost.exe[2732] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[2732] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\taskhost.exe[2732] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\taskhost.exe[2732] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\taskhost.exe[2732] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A 
.text C:\windows\system32\taskhost.exe[2732] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\taskhost.exe[2732] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\taskhost.exe[2732] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\taskhost.exe[2732] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\taskhost.exe[2732] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\taskhost.exe[2732] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\taskhost.exe[2732] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\taskhost.exe[2732] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\taskhost.exe[2732] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] 
kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2752] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\taskeng.exe[2792] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskeng.exe[2792] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\taskeng.exe[2792] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskeng.exe[2792] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\taskeng.exe[2792] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\taskeng.exe[2792] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\taskeng.exe[2792] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\taskeng.exe[2792] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 
7196000A .text C:\windows\system32\taskeng.exe[2792] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\taskeng.exe[2792] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\taskeng.exe[2792] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\taskeng.exe[2792] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\taskeng.exe[2792] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\taskeng.exe[2792] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\taskeng.exe[2792] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\taskeng.exe[2792] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\Dwm.exe[2896] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[2896] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\Dwm.exe[2896] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[2896] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\Dwm.exe[2896] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\Dwm.exe[2896] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\Dwm.exe[2896] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\Dwm.exe[2896] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\Dwm.exe[2896] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\Dwm.exe[2896] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\Dwm.exe[2896] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\Dwm.exe[2896] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\Dwm.exe[2896] 
USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\Dwm.exe[2896] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\Dwm.exe[2896] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\Dwm.exe[2896] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Windows 
Sidebar\sidebar.exe[2920] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Windows Sidebar\sidebar.exe[2920] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\Explorer.EXE[2940] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.EXE[2940] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\Explorer.EXE[2940] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.EXE[2940] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\Explorer.EXE[2940] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\Explorer.EXE[2940] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\Explorer.EXE[2940] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\Explorer.EXE[2940] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\Explorer.EXE[2940] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\Explorer.EXE[2940] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\Explorer.EXE[2940] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\Explorer.EXE[2940] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\Explorer.EXE[2940] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\Explorer.EXE[2940] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\Explorer.EXE[2940] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\Explorer.EXE[2940] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program 
Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3028] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text 
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3264] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\Elantech\ETDCtrl.exe[3272] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Elantech\ETDCtrl.exe[3272] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Elantech\ETDCtrl.exe[3272] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Elantech\ETDCtrl.exe[3272] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Elantech\ETDCtrl.exe[3272] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\EeePC\HotkeyService\HotkeyService.exe[3348] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3348] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program 
Files\EeePC\HotkeyService\HotKeyMon.exe[3364] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3364] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 
71] .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[3376] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 
71A8000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3388] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] kernel32.dll!CreateProcessW 75D0202D 6 
Bytes JMP 719F000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3400] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text 
C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3456] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] 
kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[3480] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [78, 71] {JS 0x73} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtCreateFile + 6 773646B6 4 Bytes [28, 10, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtCreateFile + B 773646BB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] 
ntdll.dll!NtCreateKey + 6 773646F6 4 Bytes [68, 11, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtCreateKey + B 773646FB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtCreateMutant + 6 77364736 4 Bytes [68, 12, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtCreateMutant + B 7736473B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtCreateSection + 6 773647D6 4 Bytes [A8, 12, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtCreateSection + B 773647DB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtMapViewOfSection + B 77364D1B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenFile + 6 77364DC6 4 Bytes [68, 10, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenFile + B 77364DCB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenKey + 6 77364DF6 4 Bytes [A8, 11, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenKey + B 77364DFB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenKeyEx + B 77364E0B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenMutant + 6 77364E46 4 Bytes [28, 12, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenMutant + B 77364E4B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenProcess + 6 77364E76 4 Bytes [68, 13, 07, 00] .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenProcess + B 77364E7B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenProcessToken + 6 77364E86 4 Bytes [A8, 13, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenProcessToken + B 77364E8B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenProcessTokenEx + 6 77364E96 4 Bytes [68, 14, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenProcessTokenEx + B 77364E9B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenSection + B 77364EBB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenThread + 6 77364EF6 4 Bytes [28, 13, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenThread + B 77364EFB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenThreadToken + 6 77364F06 4 Bytes [28, 14, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenThreadToken + B 77364F0B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenThreadTokenEx + 6 77364F16 4 Bytes [A8, 14, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtOpenThreadTokenEx + B 77364F1B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtQueryAttributesFile + 6 77365026 4 Bytes [A8, 10, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtQueryAttributesFile + B 7736502B 1 Byte [E2] .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtQueryFullAttributesFile + B 773650DB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtSetInformationFile + 6 77365726 4 Bytes [28, 11, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtSetInformationFile + B 7736572B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtSetInformationThread + B 7736578B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtUnmapViewOfSection + 6 77365AA6 4 Bytes [28, 15, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!NtUnmapViewOfSection + B 77365AAB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] kernel32.dll!CreateProcessW 75D0202D 5 Bytes JMP 00080030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] kernel32.dll!CreateProcessA 75D02062 5 Bytes JMP 00080070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7194000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SelectObject 770261D0 5 Bytes JMP 000C05F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SetTextColor 77026622 5 Bytes JMP 000C0A30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SetBkMode 770266CD 5 Bytes JMP 000C08F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!DeleteObject 770268B4 5 Bytes JMP 000C01B0 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!DeleteDC 77026A2C 5 Bytes JMP 000C0170 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!ExtSelectClipRgn 77026C72 5 Bytes JMP 000C02F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SelectClipRgn 77026D84 5 Bytes JMP 000C05B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetDeviceCaps 77026E03 5 Bytes JMP 000C03B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SetStretchBltMode 770273CE 5 Bytes JMP 000C06B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetCurrentObject 7702777C 5 Bytes JMP 000C0370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetTextMetricsW 7702798F 5 Bytes JMP 000C0E30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!IntersectClipRect 77027CCA 5 Bytes JMP 000C03F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetTextAlign 77027D15 5 Bytes JMP 000C0D70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SetTextAlign 77027F92 5 Bytes JMP 000C09F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!ExtTextOutW 77028053 5 Bytes JMP 000C0970 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetClipBox 770281F2 5 Bytes JMP 000C0330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!MoveToEx 77028A16 5 Bytes JMP 000C0470 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!CreateDCA 77029975 5 Bytes JMP 000C00B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!RestoreDC 
77029A10 5 Bytes JMP 000C0530 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SaveDC 77029AD2 5 Bytes JMP 000C0570 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!StretchDIBits 7702AC38 5 Bytes JMP 000C0770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetTextFaceW 7702B4CC 5 Bytes JMP 000C0D30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetTextExtentPoint32W 7702B535 5 Bytes JMP 000C0670 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetFontData 7702B8E8 5 Bytes JMP 000C0C70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!CreateDCW 7702BD21 5 Bytes JMP 000C00F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!CreateICW 7702C660 5 Bytes JMP 000C0130 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 7189000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!LineTo 7702CA20 5 Bytes JMP 000C0430 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SetWorldTransform 7702CB42 5 Bytes JMP 000C06F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetTextMetricsA 7702CE46 5 Bytes JMP 000C0DF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!Rectangle 7702F5BE 5 Bytes JMP 000C09B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SetICMMode 7702F8D4 5 Bytes JMP 000C0DB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!ExtTextOutA 77030158 5 Bytes JMP 000C0930 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] 
GDI32.dll!GetTextExtentPoint32A 770308BB 5 Bytes JMP 000C0630 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!Escape 77030B0D 5 Bytes JMP 000C0270 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!ExtEscape 77033472 5 Bytes JMP 000C02B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetTextFaceA 77033E49 5 Bytes JMP 000C0CF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SetPolyFillMode 77036CE1 5 Bytes JMP 000C0B30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SetMiterLimit 77036E54 5 Bytes JMP 000C0B70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!ResetDCW 7704031C 5 Bytes JMP 000C0AB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!EndPage 770407CD 5 Bytes JMP 000C0230 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!GetGlyphOutlineW 7704C292 5 Bytes JMP 000C0CB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!CreateScalableFontResourceW 7704E8EF 5 Bytes JMP 000C0BB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!AddFontResourceW 7704ECEB 5 Bytes JMP 000C0BF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!RemoveFontResourceW 7704F1E1 5 Bytes JMP 000C0C30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!AbortDoc 77054D37 5 Bytes JMP 000C0030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!EndDoc 7705517E 5 Bytes JMP 000C01F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!StartPage 77055269 5 Bytes JMP 000C0730 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!StartDocW 77055BB6 5 Bytes JMP 000C07F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!BeginPath 7705635D 5 Bytes JMP 000C0830 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!SelectClipPath 770563B4 5 Bytes JMP 000C0AF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!CloseFigure 7705640F 5 Bytes JMP 000C0070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!EndPath 77056466 5 Bytes JMP 000C0A70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!StrokePath 77056699 5 Bytes JMP 000C07B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!FillPath 77056726 5 Bytes JMP 000C0870 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!PolylineTo 77056B94 5 Bytes JMP 000C04F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!PolyBezierTo 77056C25 5 Bytes JMP 000C04B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] GDI32.dll!PolyDraw 77056CD7 5 Bytes JMP 000C08B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!ActivateKeyboardLayout 75BE817D 5 Bytes JMP 000D04F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!ScreenToClient 75BEC1F2 7 Bytes JMP 000D0670 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!RegisterClipboardFormatA 75BEE6B1 5 Bytes JMP 000D02F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!RegisterClipboardFormatW 75BEEDFD 5 Bytes JMP 000D02B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] 
USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 717F000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 717C000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!SetCursor 75BF52EA 5 Bytes JMP 000D0530 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!MonitorFromWindow 75BF590A 7 Bytes JMP 000D0630 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!PostMessageW 75BF6225 5 Bytes JMP 000D05F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!IsWindowVisible 75BF6939 7 Bytes JMP 000D06B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetClientRect 75BF74B1 7 Bytes JMP 000D05B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!MapWindowPoints 75BF7915 5 Bytes JMP 000D0570 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetParent 75BF7AB3 7 Bytes JMP 000D06F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!SetClipboardData 75C04979 5 Bytes JMP 000D0170 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!EmptyClipboard 75C04A28 5 Bytes JMP 000D0130 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetClipboardData 75C04B47 5 Bytes JMP 000D0030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!EnumClipboardFormats 75C04D98 5 Bytes JMP 000D01B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetClipboardFormatNameW 75C07EB2 5 Bytes JMP 000D0230 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!SetClipboardViewer 75C08F4D 5 Bytes JMP 
000D04B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetClipboardFormatNameA 75C08F61 5 Bytes JMP 000D0270 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetOpenClipboardWindow 75C0902F 1 Byte [E9] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetOpenClipboardWindow 75C0902F 5 Bytes JMP 000D03F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!ChangeClipboardChain 75C13425 5 Bytes JMP 000D0430 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetTopWindow 75C13A5D 7 Bytes JMP 000D0730 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!CloseClipboard 75C15BA7 5 Bytes JMP 000D00B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!OpenClipboard 75C15BB9 5 Bytes JMP 000D0070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!IsClipboardFormatAvailable 75C15C3A 5 Bytes JMP 000D00F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetClipboardSequenceNumber 75C15C4E 5 Bytes JMP 000D0330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetClipboardOwner 75C15C60 5 Bytes JMP 000D0370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!CountClipboardFormats 75C15DC9 5 Bytes JMP 000D01F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7182000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!SetCursorPos 75C2C1D8 5 Bytes JMP 000D0770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetClipboardViewer 75C44B57 5 Bytes JMP 000D0470 
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] USER32.dll!GetPriorityClipboardFormat 75C44C59 5 Bytes JMP 000D03B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7197000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ole32.dll!OleSetClipboard 75FCF2FE 5 Bytes JMP 000E0030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ole32.dll!OleIsCurrentClipboard 75FD2489 5 Bytes JMP 000E0070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[3512] ole32.dll!OleGetClipboard 75FFF825 5 Bytes JMP 000E00B0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ntdll.dll!wcsncmp + 33B 7737F420 7 Bytes JMP 657D6D70 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 75D4C057 7 Bytes JMP 65B2D713 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program 
Files\Mozilla Firefox\firefox.exe[3556] kernel32.dll!CloseHandle + 38 75D5058F 7 Bytes JMP 65B2D736 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] kernel32.dll!GetExitCodeProcess + 2C 75D530DD 7 Bytes JMP 657F1C62 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] USER32.dll!GetWindowInfo 75BF6A82 5 Bytes JMP 659B6045 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] GDI32.dll!GetViewportOrgEx + 21C 770285EB 7 Bytes JMP 65B2D694 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3556] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Windows\System32\hkcmd.exe[3624] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[3624] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\System32\hkcmd.exe[3624] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[3624] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Windows\System32\hkcmd.exe[3624] ntdll.dll!LdrUnloadDll 7737BD1F 6 
Bytes JMP 71A8000A .text C:\Windows\System32\hkcmd.exe[3624] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Windows\System32\hkcmd.exe[3624] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Windows\System32\hkcmd.exe[3624] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Windows\System32\hkcmd.exe[3624] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Windows\System32\hkcmd.exe[3624] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Windows\System32\hkcmd.exe[3624] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Windows\System32\hkcmd.exe[3624] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Windows\System32\hkcmd.exe[3624] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Windows\System32\hkcmd.exe[3624] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Windows\System32\hkcmd.exe[3624] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Windows\System32\hkcmd.exe[3624] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Windows\System32\igfxpers.exe[3656] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[3656] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\System32\igfxpers.exe[3656] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[3656] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Windows\System32\igfxpers.exe[3656] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Windows\System32\igfxpers.exe[3656] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Windows\System32\igfxpers.exe[3656] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Windows\System32\igfxpers.exe[3656] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Windows\System32\igfxpers.exe[3656] 
ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Windows\System32\igfxpers.exe[3656] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Windows\System32\igfxpers.exe[3656] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Windows\System32\igfxpers.exe[3656] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Windows\System32\igfxpers.exe[3656] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Windows\System32\igfxpers.exe[3656] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Windows\System32\igfxpers.exe[3656] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Windows\System32\igfxpers.exe[3656] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [77, 71] {JA 0x73} .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 7184000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] 
GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 717E000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 717B000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3684] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7181000A .text C:\windows\system32\igfxsrvc.exe[3808] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[3808] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\igfxsrvc.exe[3808] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[3808] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\igfxsrvc.exe[3808] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\igfxsrvc.exe[3808] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\igfxsrvc.exe[3808] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\igfxsrvc.exe[3808] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\igfxsrvc.exe[3808] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\igfxsrvc.exe[3808] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\igfxsrvc.exe[3808] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\igfxsrvc.exe[3808] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\igfxsrvc.exe[3808] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\igfxsrvc.exe[3808] 
GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\igfxsrvc.exe[3808] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\igfxsrvc.exe[3808] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] 
GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] 
GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3884] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[4008] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4008] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text 
C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[4076] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\SearchIndexer.exe[4120] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\SearchIndexer.exe[4120] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\SearchIndexer.exe[4120] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\SearchIndexer.exe[4120] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\SearchIndexer.exe[4120] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\SearchIndexer.exe[4120] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\SearchIndexer.exe[4120] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\SearchIndexer.exe[4120] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\SearchIndexer.exe[4120] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\SearchIndexer.exe[4120] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\SearchIndexer.exe[4120] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\SearchIndexer.exe[4120] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\SearchIndexer.exe[4120] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\SearchIndexer.exe[4120] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text 
C:\windows\system32\SearchIndexer.exe[4120] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\SearchIndexer.exe[4120] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[4304] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[4304] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[4304] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[4304] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[4304] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[4304] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[4304] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[4304] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[4304] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[4304] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[4304] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[4304] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[4304] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[4304] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[4304] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[4304] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[4320] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[4320] ntdll.dll!NtAlpcSendWaitReceivePort + 4 
77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[4320] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[4320] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[4320] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[4320] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[4320] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[4320] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[4320] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[4320] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[4320] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[4320] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[4320] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[4320] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[4320] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[4320] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\WIDCOMM\Bluetooth 
Software\BtStackServer.exe[4688] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4688] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [77, 71] {JA 0x73} .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] ntdll.dll!NtClose + 4 
773645B4 2 Bytes [AE, 71] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] USER32.dll!CharToOemA + 3A 75BEB1DE 7 Bytes JMP 65D643E6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 717E000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 717B000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] USER32.dll!AdjustWindowRectEx + 117 75BF660F 7 Bytes JMP 65D64375 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] USER32.dll!GetWindowInfo 75BF6A82 5 Bytes JMP 659AE50D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] USER32.dll!MenuItemFromPoint + F 75C14B36 7 Bytes JMP 659AE9FB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7181000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 7184000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] 
GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4780] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [77, 71] {JA 0x73} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 717E000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 717B000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7181000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 7184000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4784] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program 
Files\COMODO\COMODO Internet Security\cis.exe[5104] ntdll.dll!NtAllocateVirtualMemory 773643C0 5 Bytes JMP 00242FB0 C:\Program Files\COMODO\COMODO Internet Security\cis.exe .text C:\windows\system32\wbem\wmiprvse.exe[5452] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wbem\wmiprvse.exe[5452] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\wbem\wmiprvse.exe[5452] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wbem\wmiprvse.exe[5452] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\windows\system32\wbem\wmiprvse.exe[5452] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\windows\system32\wbem\wmiprvse.exe[5452] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] ntdll.dll!NtAlpcSendWaitReceivePort 77364500 3 Bytes 
[FF, 25, 1E] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77364504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] ntdll.dll!NtClose 773645B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] ntdll.dll!NtClose + 4 773645B4 2 Bytes [AE, 71] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] ntdll.dll!LdrUnloadDll 7737BD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] kernel32.dll!CreateProcessW 75D0202D 6 Bytes JMP 719F000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] kernel32.dll!CreateProcessA 75D02062 6 Bytes JMP 719C000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] kernel32.dll!CreateProcessAsUserW 75D379D4 6 Bytes JMP 7196000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] ADVAPI32.dll!CreateProcessAsUserA 758714FD 6 Bytes JMP 7199000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] USER32.dll!SetWindowsHookExW 75BF210A 6 Bytes JMP 7184000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] USER32.dll!SetWinEventHook 75BF507E 6 Bytes JMP 7181000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] USER32.dll!SetWindowsHookExA 75C16DFA 6 Bytes JMP 7187000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] GDI32.dll!DeleteDC 77026A2C 6 Bytes JMP 718A000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] GDI32.dll!CreateDCA 77029975 6 Bytes JMP 7193000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] GDI32.dll!CreateDCW 7702BD21 6 Bytes JMP 7190000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5828] GDI32.dll!GetPixel 7702C714 6 Bytes JMP 718D000A ---- User IAT/EAT - GMER 2.1 ---- IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CE24FA] 
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CC565B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CC5719] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CE2575] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CD85D9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CD4D8D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CD5134] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CD5209] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73CD6736] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CD8330] 
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CD887F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CD90E0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CDE283] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[2940] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73CD4CBF] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Threads - GMER 2.1 ---- Thread System [4:5928] B5E64F2E ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da17155 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc04d37 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc04d37@78471d45cef6 0x96 0x9A 0xE0 0x83 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc04d37@78471d556f69 0x94 0x9A 0x86 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da17155 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc04d37 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc04d37@78471d45cef6 0x96 0x9A 0xE0 0x83 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc04d37@78471d556f69 0x94 0x9A 0x86 0xA2 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1 ---- EOF - GMER 2.1 ----