GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-16 17:46:47 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003 232,89GB Running: 3349x8zs.exe; Driver: C:\Users\Dorota\AppData\Local\Temp\kwrdrpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0x8AD5E230] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwAlpcConnectPort [0x8AD5E41C] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwConnectPort [0x8AD5D590] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateFile [0x8AD5DE96] SSDT 8ED7E4C0 ZwCreateKey SSDT 8ED7D5C0 ZwCreateProcess SSDT 8ED7D8C0 ZwCreateProcessEx SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateSection [0x8AD5DC4A] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0x8AD5EF94] SSDT 8ED7F460 ZwCreateThread SSDT 8ED7F640 ZwCreateThreadEx SSDT 8ED7DBC0 ZwCreateUserProcess SSDT 8ED7EAC0 ZwDeleteKey SSDT 8ED7EDC0 ZwDeleteValueKey SSDT 8ED7F820 ZwLoadDriver SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0x8AD5D858] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwOpenFile [0x8AD5E072] SSDT 8ED7DEC0 ZwOpenProcess SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwOpenSection [0x8AD5DAF2] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0x8AD5ECB2] SSDT 8ED7E7C0 ZwSetValueKey SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwShutdownSystem [0x8AD5D7C2] SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0x8AD5D9DE] SSDT 8ED7E1C0 ZwTerminateProcess SSDT \SystemRoot\system32\DRIVERS\cmdguard.sys ZwTerminateThread [0x8AD5D180] SSDT 8ED7F280 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 81E62599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E87092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 220 81E8E870 4 Bytes [30, E2, D5, 8A] {XOR DL, AH; AAD 0x8a} .text ntkrnlpa.exe!RtlSidHashLookup + 248 81E8E898 4 Bytes [1C, E4, D5, 8A] {SBB AL, 0xe4; AAD 0x8a} .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 81E8E92C 4 Bytes [90, D5, D5, 8A] .text ntkrnlpa.exe!RtlSidHashLookup + 2F8 81E8E948 4 Bytes [96, DE, D5, 8A] .text ntkrnlpa.exe!RtlSidHashLookup + 308 81E8E958 4 Bytes [C0, E4, D7, 8E] .text ... ? system32\drivers\54823831.sys System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.1 ---- .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] GDI32.dll!CreateDCA 
77339975 6 Bytes JMP 7193000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[352] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\wbem\wmiprvse.exe[360] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wbem\wmiprvse.exe[360] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\wbem\wmiprvse.exe[360] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wbem\wmiprvse.exe[360] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\wbem\wmiprvse.exe[360] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\wbem\wmiprvse.exe[360] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\wbem\wmiprvse.exe[360] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\wbem\wmiprvse.exe[360] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\wbem\wmiprvse.exe[360] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\wbem\wmiprvse.exe[360] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\wbem\wmiprvse.exe[360] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\wbem\wmiprvse.exe[360] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\wbem\wmiprvse.exe[360] 
GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\wbem\wmiprvse.exe[360] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\wbem\wmiprvse.exe[360] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\wbem\wmiprvse.exe[360] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[392] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\csrss.exe[440] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 5 Bytes JMP 75331EB0 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\csrss.exe[440] ntdll.dll!NtReplyWaitReceivePort 77195500 5 Bytes JMP 753315D0 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\csrss.exe[440] ntdll.dll!NtReplyWaitReceivePortEx 77195510 5 Bytes JMP 75331A40 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\wininit.exe[504] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[504] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [14, 71] {ADC AL, 0x71} .text C:\windows\system32\wininit.exe[504] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[504] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\wininit.exe[504] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\wininit.exe[504] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\wininit.exe[504] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\wininit.exe[504] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\wininit.exe[504] USER32.dll!RegisterRawInputDevices 757A5C2F 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[504] USER32.dll!RegisterRawInputDevices + 4 757A5C33 2 Bytes [35, 
71] .text C:\windows\system32\wininit.exe[504] USER32.dll!SystemParametersInfoA 757A7E90 6 Bytes JMP 7121000A .text C:\windows\system32\wininit.exe[504] USER32.dll!EnableWindow 757AA72E 6 Bytes JMP 711B000A .text C:\windows\system32\wininit.exe[504] USER32.dll!MoveWindow 757AA8C4 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[504] USER32.dll!MoveWindow + 4 757AA8C8 2 Bytes [2F, 71] .text C:\windows\system32\wininit.exe[504] USER32.dll!GetAsyncKeyState 757AC09A 6 Bytes JMP 7139000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SetParent 757AC696 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[504] USER32.dll!SetParent + 4 757AC69A 2 Bytes [32, 71] .text C:\windows\system32\wininit.exe[504] USER32.dll!RegisterHotKey 757AC8F9 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[504] USER32.dll!RegisterHotKey + 4 757AC8FD 2 Bytes [23, 71] .text C:\windows\system32\wininit.exe[504] USER32.dll!PostThreadMessageA 757ACBD1 6 Bytes JMP 7166000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SendMessageA 757ACC28 6 Bytes JMP 7160000A .text C:\windows\system32\wininit.exe[504] USER32.dll!PostMessageA 757AD656 6 Bytes JMP 716C000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SendNotifyMessageW 757AEB65 6 Bytes JMP 714B000A .text C:\windows\system32\wininit.exe[504] USER32.dll!PostThreadMessageW 757AECDE 6 Bytes JMP 7163000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SystemParametersInfoW 757AEEE1 6 Bytes JMP 711E000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7172000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SendMessageTimeoutW 757B313E 6 Bytes JMP 7157000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SendMessageCallbackW 757B4DFC 6 Bytes JMP 7151000A .text C:\windows\system32\wininit.exe[504] USER32.dll!GetKeyState 757B4FDA 6 Bytes JMP 713C000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 716F000A 
.text C:\windows\system32\wininit.exe[504] USER32.dll!PostMessageW 757B6225 6 Bytes JMP 7169000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SendMessageW 757B764C 6 Bytes JMP 715D000A .text C:\windows\system32\wininit.exe[504] USER32.dll!GetClipboardData 757C4B47 6 Bytes JMP 7127000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SendNotifyMessageA 757C67B4 6 Bytes JMP 714E000A .text C:\windows\system32\wininit.exe[504] USER32.dll!mouse_event 757C8146 6 Bytes JMP 7178000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SetClipboardViewer 757C8F4D 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[504] USER32.dll!SetClipboardViewer + 4 757C8F51 2 Bytes [2C, 71] {SUB AL, 0x71} .text C:\windows\system32\wininit.exe[504] USER32.dll!SendDlgItemMessageA 757C914D 6 Bytes JMP 7148000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SendDlgItemMessageW 757D4CFE 6 Bytes JMP 7145000A .text C:\windows\system32\wininit.exe[504] USER32.dll!GetKeyboardState 757D6B3E 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[504] USER32.dll!GetKeyboardState + 4 757D6B42 2 Bytes [3E, 71] .text C:\windows\system32\wininit.exe[504] USER32.dll!BlockInput 757D6C84 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[504] USER32.dll!BlockInput + 4 757D6C88 2 Bytes [29, 71] .text C:\windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7175000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SendMessageTimeoutA 757D6E97 6 Bytes JMP 715A000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SendInput 757D7055 3 Bytes [FF, 25, 1E] .text C:\windows\system32\wininit.exe[504] USER32.dll!SendInput + 4 757D7059 2 Bytes [41, 71] .text C:\windows\system32\wininit.exe[504] USER32.dll!ExitWindowsEx 757F06EF 6 Bytes JMP 7118000A .text C:\windows\system32\wininit.exe[504] USER32.dll!keybd_event 757FEC9B 6 Bytes JMP 717B000A .text C:\windows\system32\wininit.exe[504] USER32.dll!SendMessageCallbackA 75803EEB 6 Bytes JMP 
7154000A .text C:\windows\system32\wininit.exe[504] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\wininit.exe[504] GDI32.dll!BitBlt 77337180 6 Bytes JMP 7187000A .text C:\windows\system32\wininit.exe[504] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\wininit.exe[504] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\wininit.exe[504] GDI32.dll!MaskBlt 7733C681 6 Bytes JMP 7184000A .text C:\windows\system32\wininit.exe[504] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\wininit.exe[504] GDI32.dll!StretchBlt 7733F418 6 Bytes JMP 717E000A .text C:\windows\system32\wininit.exe[504] GDI32.dll!PlgBlt 77350900 6 Bytes JMP 7181000A .text C:\windows\system32\wininit.exe[504] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\csrss.exe[512] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 5 Bytes JMP 75331EB0 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\csrss.exe[512] ntdll.dll!NtReplyWaitReceivePort 77195500 5 Bytes JMP 753315D0 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\csrss.exe[512] ntdll.dll!NtReplyWaitReceivePortEx 77195510 5 Bytes JMP 75331A40 C:\Windows\system32\cmdcsr.dll .text C:\windows\system32\taskhost.exe[540] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[540] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\taskhost.exe[540] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[540] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\taskhost.exe[540] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\taskhost.exe[540] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\taskhost.exe[540] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text 
C:\windows\system32\taskhost.exe[540] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\taskhost.exe[540] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\taskhost.exe[540] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\taskhost.exe[540] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\taskhost.exe[540] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\taskhost.exe[540] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\taskhost.exe[540] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\taskhost.exe[540] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\taskhost.exe[540] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\services.exe[620] services.exe 006B1608 4 Bytes [70, 39, 01, 10] {JO 0x3b; ADD [EAX], EDX} .text C:\windows\system32\services.exe[620] services.exe 006B1618 4 Bytes [50, 3D, 01, 10] .text C:\windows\system32\services.exe[620] services.exe 006B1638 4 Bytes [D0, 36, 01, 10] {SAL BYTE [ESI], 0x1; ADD [EAX], EDX} .text C:\windows\system32\services.exe[620] services.exe 006B1648 4 Bytes [70, 3B, 01, 10] {JO 0x3d; ADD [EAX], EDX} .text C:\windows\system32\services.exe[620] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\services.exe[620] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7A, 71] {JP 0x73} .text C:\windows\system32\services.exe[620] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\services.exe[620] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\services.exe[620] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\services.exe[620] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text 
C:\windows\system32\services.exe[620] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\services.exe[620] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\services.exe[620] RPCRT4.dll!RpcServerRegisterIfEx 75B12640 6 Bytes JMP 7193000A .text C:\windows\system32\services.exe[620] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7181000A .text C:\windows\system32\services.exe[620] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 717E000A .text C:\windows\system32\services.exe[620] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7184000A .text C:\windows\system32\services.exe[620] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7187000A .text C:\windows\system32\services.exe[620] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7190000A .text C:\windows\system32\services.exe[620] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 718D000A .text C:\windows\system32\services.exe[620] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718A000A .text C:\windows\system32\services.exe[620] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\lsass.exe[628] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\lsass.exe[628] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\lsass.exe[628] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\lsass.exe[628] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\lsass.exe[628] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\lsass.exe[628] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\lsass.exe[628] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\lsass.exe[628] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\lsass.exe[628] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A 
.text C:\windows\system32\lsass.exe[628] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\lsass.exe[628] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\lsass.exe[628] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\lsass.exe[628] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\lsass.exe[628] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\lsass.exe[628] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\lsass.exe[628] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\lsm.exe[636] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\lsm.exe[636] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\lsm.exe[636] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\lsm.exe[636] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\lsm.exe[636] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\lsm.exe[636] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\lsm.exe[636] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\lsm.exe[636] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\lsm.exe[636] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\lsm.exe[636] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\lsm.exe[636] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\lsm.exe[636] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\lsm.exe[636] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\lsm.exe[636] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 
7190000A .text C:\windows\system32\lsm.exe[636] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\lsm.exe[636] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Intel\Intel Matrix Storage 
Manager\IAAnotif.exe[684] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[684] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[760] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[760] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7A, 71] {JP 0x73} .text C:\windows\system32\svchost.exe[760] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[760] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[760] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[760] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[760] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[760] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[760] RPCRT4.dll!RpcServerRegisterIfEx 75B12640 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[760] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[760] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 717E000A .text C:\windows\system32\svchost.exe[760] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[760] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[760] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[760] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[760] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[760] 
ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[840] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[840] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7A, 71] {JP 0x73} .text C:\windows\system32\svchost.exe[840] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[840] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[840] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[840] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[840] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[840] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[840] RPCRT4.dll!RpcServerRegisterIfEx 75B12640 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[840] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[840] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 717E000A .text C:\windows\system32\svchost.exe[840] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[840] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[840] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[840] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[840] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[840] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[840] rpcss.dll!CoGetComCatalog 74823A14 8 Bytes [10, 33, 01, 10, D0, 30, 01, ...] 
{ADC [EBX], DH; ADD [EAX], EDX; SAL BYTE [EAX], 0x1; ADD [EAX], EDX} .text C:\windows\system32\taskeng.exe[856] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskeng.exe[856] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\taskeng.exe[856] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskeng.exe[856] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\taskeng.exe[856] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\taskeng.exe[856] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\taskeng.exe[856] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\taskeng.exe[856] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\taskeng.exe[856] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\taskeng.exe[856] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\taskeng.exe[856] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\taskeng.exe[856] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\taskeng.exe[856] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\taskeng.exe[856] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\taskeng.exe[856] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\taskeng.exe[856] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[912] ntdll.dll!NtAllocateVirtualMemory 771943C0 5 Bytes JMP 011D3FD0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[912] ntdll.dll!NtCreateFile 771946B0 5 Bytes JMP 0120DB90 
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\windows\system32\svchost.exe[980] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[980] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[980] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[980] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[980] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[980] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[980] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[980] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[980] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[980] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[980] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[980] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[980] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[980] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[980] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[980] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[1008] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1008] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[1008] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text 
C:\windows\system32\svchost.exe[1008] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[1008] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[1008] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[1008] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[1008] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[1008] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[1008] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[1008] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\System32\svchost.exe[1024] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1024] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\System32\svchost.exe[1024] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1024] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A 
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\System32\svchost.exe[1024] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\System32\svchost.exe[1024] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\System32\svchost.exe[1024] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\System32\svchost.exe[1024] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\System32\svchost.exe[1024] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\System32\svchost.exe[1024] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\System32\svchost.exe[1060] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1060] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\System32\svchost.exe[1060] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1060] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\System32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\System32\svchost.exe[1060] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 
757D6DFA 6 Bytes JMP 7187000A .text C:\windows\System32\svchost.exe[1060] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\System32\svchost.exe[1060] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\System32\svchost.exe[1060] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\System32\svchost.exe[1060] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[1100] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1100] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7A, 71] {JP 0x73} .text C:\windows\system32\svchost.exe[1100] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1100] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[1100] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[1100] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[1100] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[1100] RPCRT4.dll!RpcServerRegisterIfEx 75B12640 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[1100] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 717E000A .text C:\windows\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[1100] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[1100] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[1100] GDI32.dll!CreateDCW 
7733BD21 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[1100] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [77, 71] {JA 0x73} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 717E000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 717B000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7181000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7184000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1132] 
ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\igfxsrvc.exe[1140] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[1140] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\igfxsrvc.exe[1140] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[1140] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\igfxsrvc.exe[1140] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\igfxsrvc.exe[1140] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\igfxsrvc.exe[1140] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\igfxsrvc.exe[1140] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\igfxsrvc.exe[1140] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\igfxsrvc.exe[1140] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\igfxsrvc.exe[1140] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\igfxsrvc.exe[1140] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\igfxsrvc.exe[1140] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\igfxsrvc.exe[1140] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\igfxsrvc.exe[1140] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\igfxsrvc.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[1228] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1228] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[1228] ntdll.dll!NtClose 771945B0 3 
Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1228] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[1228] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[1228] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[1228] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[1228] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[1228] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[1228] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[1228] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[1228] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes 
JMP 71A8000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[1320] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\Explorer.EXE[1432] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.EXE[1432] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\Explorer.EXE[1432] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.EXE[1432] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\Explorer.EXE[1432] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 
71A8000A .text C:\windows\Explorer.EXE[1432] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\Explorer.EXE[1432] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\Explorer.EXE[1432] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\Explorer.EXE[1432] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\Explorer.EXE[1432] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\Explorer.EXE[1432] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\Explorer.EXE[1432] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\Explorer.EXE[1432] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\Explorer.EXE[1432] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\Explorer.EXE[1432] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\Explorer.EXE[1432] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] kernel32.dll!CreateProcessAsUserW 
75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[1452] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[1508] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1508] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[1508] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1508] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[1508] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[1508] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[1508] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[1508] 
USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[1508] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[1508] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[1508] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[1508] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[1508] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[1540] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1540] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\WLANExt.exe[1548] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\WLANExt.exe[1548] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\WLANExt.exe[1548] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\WLANExt.exe[1548] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\WLANExt.exe[1548] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\WLANExt.exe[1548] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\WLANExt.exe[1548] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\WLANExt.exe[1548] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\WLANExt.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\WLANExt.exe[1548] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\WLANExt.exe[1548] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\WLANExt.exe[1548] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\WLANExt.exe[1548] 
GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\WLANExt.exe[1548] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\WLANExt.exe[1548] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\WLANExt.exe[1548] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\conhost.exe[1556] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\conhost.exe[1556] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\conhost.exe[1556] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\conhost.exe[1556] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\conhost.exe[1556] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\conhost.exe[1556] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\conhost.exe[1556] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\conhost.exe[1556] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\conhost.exe[1556] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\conhost.exe[1556] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\conhost.exe[1556] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\conhost.exe[1556] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\conhost.exe[1556] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\conhost.exe[1556] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\conhost.exe[1556] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\conhost.exe[1556] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\System32\spoolsv.exe[1640] 
ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\System32\spoolsv.exe[1640] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\System32\spoolsv.exe[1640] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\System32\spoolsv.exe[1640] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\System32\spoolsv.exe[1640] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\System32\spoolsv.exe[1640] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\System32\spoolsv.exe[1640] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\System32\spoolsv.exe[1640] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\System32\spoolsv.exe[1640] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\System32\spoolsv.exe[1640] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\System32\spoolsv.exe[1640] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\System32\spoolsv.exe[1640] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\System32\spoolsv.exe[1640] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\System32\spoolsv.exe[1640] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\System32\spoolsv.exe[1640] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\System32\spoolsv.exe[1640] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Windows\System32\hkcmd.exe[1656] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[1656] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\System32\hkcmd.exe[1656] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[1656] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text 
C:\Windows\System32\hkcmd.exe[1656] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Windows\System32\hkcmd.exe[1656] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Windows\System32\hkcmd.exe[1656] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Windows\System32\hkcmd.exe[1656] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Windows\System32\hkcmd.exe[1656] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Windows\System32\hkcmd.exe[1656] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Windows\System32\hkcmd.exe[1656] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Windows\System32\hkcmd.exe[1656] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Windows\System32\hkcmd.exe[1656] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Windows\System32\hkcmd.exe[1656] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Windows\System32\hkcmd.exe[1656] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Windows\System32\hkcmd.exe[1656] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\svchost.exe[1716] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1716] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7A, 71] {JP 0x73} .text C:\windows\system32\svchost.exe[1716] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[1716] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[1716] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text 
C:\windows\system32\svchost.exe[1716] RPCRT4.dll!RpcServerRegisterIfEx 75B12640 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[1716] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[1716] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 717E000A .text C:\windows\system32\svchost.exe[1716] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[1716] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[1716] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[1716] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[1716] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[1716] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!SetWindowsHookExW 
757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\System32\svchost.exe[1984] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1984] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\System32\svchost.exe[1984] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\System32\svchost.exe[1984] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\System32\svchost.exe[1984] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\System32\svchost.exe[1984] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\System32\svchost.exe[1984] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\System32\svchost.exe[1984] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\System32\svchost.exe[1984] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\System32\svchost.exe[1984] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\System32\svchost.exe[1984] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 
7187000A .text C:\windows\System32\svchost.exe[1984] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\System32\svchost.exe[1984] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\System32\svchost.exe[1984] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\System32\svchost.exe[1984] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\System32\svchost.exe[1984] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program 
Files\EeePC\CapsHook\CapsHook.exe[2016] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[2016] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text 
C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[2028] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Windows\System32\AsusService.exe[2032] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\AsusService.exe[2032] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\System32\AsusService.exe[2032] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\AsusService.exe[2032] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Windows\System32\AsusService.exe[2032] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Windows\System32\AsusService.exe[2032] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Windows\System32\AsusService.exe[2032] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Windows\System32\AsusService.exe[2032] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Windows\System32\AsusService.exe[2032] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Windows\System32\AsusService.exe[2032] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Windows\System32\AsusService.exe[2032] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Windows\System32\AsusService.exe[2032] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Windows\System32\AsusService.exe[2032] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Windows\System32\AsusService.exe[2032] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Windows\System32\AsusService.exe[2032] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Windows\System32\AsusService.exe[2032] 
ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] 
GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2068] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program 
Files\EeePC\SHE\SuperHybridEngine.exe[2176] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2176] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text 
C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe[2188] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Users\Dorota\Downloads\3349x8zs.exe[2256] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text 
C:\windows\system32\Dwm.exe[2308] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[2308] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\Dwm.exe[2308] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[2308] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\Dwm.exe[2308] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\Dwm.exe[2308] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\Dwm.exe[2308] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\Dwm.exe[2308] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\Dwm.exe[2308] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\Dwm.exe[2308] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\Dwm.exe[2308] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\Dwm.exe[2308] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\Dwm.exe[2308] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\Dwm.exe[2308] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\Dwm.exe[2308] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\Dwm.exe[2308] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text 
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2364] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE[2484] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2484] 
USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Intel\Intel Matrix Storage 
Manager\IAANTMon.exe[2592] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2592] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2672] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program 
Files\Asus\LiveUpdate\LiveUpdate.exe[2672] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program 
Files\Microsoft Application Virtualization Client\sftlist.exe[2700] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2700] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2712] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] 
USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2728] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\ASUS\Eee Docking\Eee 
Docking.exe[2868] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[2868] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Windows\System32\igfxpers.exe[3096] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[3096] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Windows\System32\igfxpers.exe[3096] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[3096] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Windows\System32\igfxpers.exe[3096] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Windows\System32\igfxpers.exe[3096] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Windows\System32\igfxpers.exe[3096] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Windows\System32\igfxpers.exe[3096] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Windows\System32\igfxpers.exe[3096] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Windows\System32\igfxpers.exe[3096] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Windows\System32\igfxpers.exe[3096] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Windows\System32\igfxpers.exe[3096] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text 
C:\Windows\System32\igfxpers.exe[3096] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Windows\System32\igfxpers.exe[3096] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Windows\System32\igfxpers.exe[3096] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Windows\System32\igfxpers.exe[3096] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [77, 71] {JA 0x73} .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7184000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] USER32.dll!SetWindowsHookExW 
757B210A 6 Bytes JMP 717E000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 717B000A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3108] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization 
Handler\CVHSVC.EXE[3156] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3156] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text 
C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Users\Dorota\AppData\Local\Akamai\netsession_win.exe[3176] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Windows Media 
Player\wmpnetwk.exe[3300] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3300] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\SearchIndexer.exe[3332] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\SearchIndexer.exe[3332] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\SearchIndexer.exe[3332] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\SearchIndexer.exe[3332] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\SearchIndexer.exe[3332] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\SearchIndexer.exe[3332] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\SearchIndexer.exe[3332] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\SearchIndexer.exe[3332] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\SearchIndexer.exe[3332] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\SearchIndexer.exe[3332] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\SearchIndexer.exe[3332] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\SearchIndexer.exe[3332] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text 
C:\windows\system32\SearchIndexer.exe[3332] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\SearchIndexer.exe[3332] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\SearchIndexer.exe[3332] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\SearchIndexer.exe[3332] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[3368] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[3368] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\svchost.exe[3368] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[3368] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[3368] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[3368] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[3368] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[3368] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[3368] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[3368] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[3368] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[3368] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[3368] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[3368] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[3368] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[3368] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 
7199000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [73, 71] {JAE 0x73} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7180000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7189000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7186000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 7183000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 717A000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7177000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3564] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 717D000A .text 
C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3576] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\WIDCOMM\Bluetooth 
Software\BtStackServer.exe[3580] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [73, 71] {JAE 0x73} .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7180000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7189000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7186000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 7183000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 717A000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7177000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 717D000A .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3580] 
ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Elantech\ETDCtrl.exe[3972] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Elantech\ETDCtrl.exe[3972] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Elantech\ETDCtrl.exe[3972] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Elantech\ETDCtrl.exe[3972] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Elantech\ETDCtrl.exe[3972] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[4024] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[4024] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 
0x73} .text C:\windows\system32\svchost.exe[4024] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\svchost.exe[4024] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\svchost.exe[4024] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\svchost.exe[4024] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\windows\system32\svchost.exe[4024] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\svchost.exe[4024] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\svchost.exe[4024] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\svchost.exe[4024] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\svchost.exe[4024] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\svchost.exe[4024] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\svchost.exe[4024] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\svchost.exe[4024] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\svchost.exe[4024] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\svchost.exe[4024] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Windows 
Sidebar\sidebar.exe[4064] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Windows Sidebar\sidebar.exe[4064] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program 
Files\EeePC\HotkeyService\HotKeyMon.exe[4092] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[4092] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] KERNEL32.dll!CreateProcessW 75E5202D 6 
Bytes JMP 719F000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] KERNEL32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] KERNEL32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4576] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\windows\system32\taskhost.exe[5080] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[5080] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\taskhost.exe[5080] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[5080] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\taskhost.exe[5080] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\taskhost.exe[5080] kernel32.dll!CreateProcessW 75E5202D 6 
Bytes JMP 719F000A .text C:\windows\system32\taskhost.exe[5080] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\windows\system32\taskhost.exe[5080] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\windows\system32\taskhost.exe[5080] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\windows\system32\taskhost.exe[5080] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\windows\system32\taskhost.exe[5080] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\windows\system32\taskhost.exe[5080] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\windows\system32\taskhost.exe[5080] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\windows\system32\taskhost.exe[5080] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\windows\system32\taskhost.exe[5080] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\windows\system32\taskhost.exe[5080] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\COMODO\COMODO Internet Security\CIS.exe[5252] ntdll.dll!NtAllocateVirtualMemory 771943C0 5 Bytes JMP 00F92FB0 C:\Program Files\COMODO\COMODO Internet Security\CIS.exe .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] ntdll.dll!wcsncmp + 33B 771AF420 7 Bytes JMP 63656D70 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla 
Firefox\firefox.exe[5336] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 75E9C057 7 Bytes JMP 639AD713 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] kernel32.dll!CloseHandle + 38 75EA058F 7 Bytes JMP 639AD736 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] kernel32.dll!GetExitCodeProcess + 2C 75EA30DD 7 Bytes JMP 63671C62 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] USER32.dll!GetWindowInfo 757B6A82 5 Bytes JMP 63836045 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] GDI32.dll!GetViewportOrgEx + 21C 773385EB 7 Bytes JMP 639AD694 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Mozilla Firefox\firefox.exe[5336] ADVAPI32.dll!CreateProcessAsUserA 
76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Skype\Phone\Skype.exe[5684] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Skype\Phone\Skype.exe[5684] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Skype\Phone\Skype.exe[5684] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Skype\Phone\Skype.exe[5684] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\Skype\Phone\Skype.exe[5684] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\COMODO\COMODO Internet Security\CIS.exe[6072] ntdll.dll!NtAllocateVirtualMemory 771943C0 5 Bytes JMP 00F92FB0 C:\Program Files\COMODO\COMODO Internet Security\CIS.exe .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [78, 71] {JS 0x73} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtCreateFile + 6 771946B6 4 Bytes [28, 08, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtCreateFile + B 771946BB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtCreateKey + 6 771946F6 4 Bytes [68, 09, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtCreateKey + B 771946FB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtCreateMutant + 6 77194736 4 Bytes [68, 0A, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtCreateMutant + B 7719473B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtCreateSection + 6 771947D6 4 Bytes [A8, 0A, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtCreateSection + B 771947DB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtMapViewOfSection + 6 77194D16 4 Bytes CALL 76196427 C:\windows\system32\SHELL32.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtMapViewOfSection + B 77194D1B 1 Byte [E2] .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenFile + 6 77194DC6 4 Bytes [68, 08, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenFile + B 77194DCB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenKey + 6 77194DF6 4 Bytes [A8, 09, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenKey + B 77194DFB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenKeyEx + 6 77194E06 4 Bytes CALL 76196514 C:\windows\system32\SHELL32.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenKeyEx + B 77194E0B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenMutant + 6 77194E46 4 Bytes [28, 0A, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenMutant + B 77194E4B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenProcess + 6 77194E76 4 Bytes [68, 0B, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenProcess + B 77194E7B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenProcessToken + 6 77194E86 4 Bytes [A8, 0B, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenProcessToken + B 77194E8B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenProcessTokenEx + 6 77194E96 4 Bytes [68, 0C, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenProcessTokenEx + B 77194E9B 1 Byte [E2] .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenSection + 6 77194EB6 4 Bytes CALL 761965C5 C:\windows\system32\SHELL32.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenSection + B 77194EBB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenThread + 6 77194EF6 4 Bytes [28, 0B, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenThread + B 77194EFB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenThreadToken + 6 77194F06 4 Bytes [28, 0C, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenThreadToken + B 77194F0B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenThreadTokenEx + 6 77194F16 4 Bytes [A8, 0C, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtOpenThreadTokenEx + B 77194F1B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtQueryAttributesFile + 6 77195026 4 Bytes [A8, 08, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtQueryAttributesFile + B 7719502B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtQueryFullAttributesFile + 6 771950D6 4 Bytes CALL 761967E3 C:\windows\system32\SHELL32.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtQueryFullAttributesFile + B 771950DB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtSetInformationFile + 6 77195726 4 Bytes [28, 09, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] 
ntdll.dll!NtSetInformationFile + B 7719572B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtSetInformationThread + 6 77195786 4 Bytes CALL 76196E96 C:\windows\system32\SHELL32.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtSetInformationThread + B 7719578B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtUnmapViewOfSection + 6 77195AA6 4 Bytes [28, 0D, 17, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!NtUnmapViewOfSection + B 77195AAB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] kernel32.dll!CreateProcessW 75E5202D 5 Bytes JMP 001C0030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] kernel32.dll!CreateProcessA 75E52062 5 Bytes JMP 001C0070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7194000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SelectObject 773361D0 5 Bytes JMP 002705F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SetTextColor 77336622 5 Bytes JMP 00270A30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SetBkMode 773366CD 5 Bytes JMP 002708F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!DeleteObject 773368B4 5 Bytes JMP 002701B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!DeleteDC 77336A2C 5 Bytes JMP 00270170 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] 
GDI32.dll!ExtSelectClipRgn 77336C72 5 Bytes JMP 002702F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SelectClipRgn 77336D84 5 Bytes JMP 002705B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetDeviceCaps 77336E03 5 Bytes JMP 002703B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SetStretchBltMode 773373CE 5 Bytes JMP 002706B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetCurrentObject 7733777C 5 Bytes JMP 00270370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetTextMetricsW 7733798F 5 Bytes JMP 00270E30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!IntersectClipRect 77337CCA 5 Bytes JMP 002703F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetTextAlign 77337D15 5 Bytes JMP 00270D70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SetTextAlign 77337F92 5 Bytes JMP 002709F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!ExtTextOutW 77338053 5 Bytes JMP 00270970 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetClipBox 773381F2 5 Bytes JMP 00270330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!MoveToEx 77338A16 5 Bytes JMP 00270470 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!CreateDCA 77339975 5 Bytes JMP 002700B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!RestoreDC 77339A10 5 Bytes JMP 00270530 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SaveDC 77339AD2 5 Bytes JMP 00270570 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!StretchDIBits 7733AC38 5 Bytes JMP 00270770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetTextFaceW 7733B4CC 5 Bytes JMP 00270D30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetTextExtentPoint32W 7733B535 5 Bytes JMP 00270670 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetFontData 7733B8E8 5 Bytes JMP 00270C70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!CreateDCW 7733BD21 5 Bytes JMP 002700F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!CreateICW 7733C660 5 Bytes JMP 00270130 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 7189000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!LineTo 7733CA20 5 Bytes JMP 00270430 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SetWorldTransform 7733CB42 5 Bytes JMP 002706F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetTextMetricsA 7733CE46 5 Bytes JMP 00270DF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!Rectangle 7733F5BE 5 Bytes JMP 002709B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SetICMMode 7733F8D4 5 Bytes JMP 00270DB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!ExtTextOutA 77340158 5 Bytes JMP 00270930 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetTextExtentPoint32A 773408BB 5 Bytes JMP 00270630 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!Escape 77340B0D 5 
Bytes JMP 00270270 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!ExtEscape 77343472 5 Bytes JMP 002702B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetTextFaceA 77343E49 5 Bytes JMP 00270CF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SetPolyFillMode 77346CE1 5 Bytes JMP 00270B30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SetMiterLimit 77346E54 5 Bytes JMP 00270B70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!ResetDCW 7735031C 5 Bytes JMP 00270AB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!EndPage 773507CD 5 Bytes JMP 00270230 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!GetGlyphOutlineW 7735C292 5 Bytes JMP 00270CB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!CreateScalableFontResourceW 7735E8EF 5 Bytes JMP 00270BB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!AddFontResourceW 7735ECEB 5 Bytes JMP 00270BF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!RemoveFontResourceW 7735F1E1 5 Bytes JMP 00270C30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!AbortDoc 77364D37 5 Bytes JMP 00270030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!EndDoc 7736517E 5 Bytes JMP 002701F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!StartPage 77365269 5 Bytes JMP 00270730 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!StartDocW 77365BB6 5 Bytes JMP 002707F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] 
GDI32.dll!BeginPath 7736635D 5 Bytes JMP 00270830 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!SelectClipPath 773663B4 5 Bytes JMP 00270AF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!CloseFigure 7736640F 5 Bytes JMP 00270070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!EndPath 77366466 5 Bytes JMP 00270A70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!StrokePath 77366699 5 Bytes JMP 002707B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!FillPath 77366726 5 Bytes JMP 00270870 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!PolylineTo 77366B94 5 Bytes JMP 002704F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!PolyBezierTo 77366C25 5 Bytes JMP 002704B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] GDI32.dll!PolyDraw 77366CD7 5 Bytes JMP 002708B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!ActivateKeyboardLayout 757A817D 5 Bytes JMP 002804F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!ScreenToClient 757AC1F2 7 Bytes JMP 00280670 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!RegisterClipboardFormatA 757AE6B1 5 Bytes JMP 002802F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!RegisterClipboardFormatW 757AEDFD 5 Bytes JMP 002802B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 717F000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 717C000A .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!SetCursor 757B52EA 5 Bytes JMP 00280530 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!MonitorFromWindow 757B590A 7 Bytes JMP 00280630 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!PostMessageW 757B6225 5 Bytes JMP 002805F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!IsWindowVisible 757B6939 7 Bytes JMP 002806B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetClientRect 757B74B1 7 Bytes JMP 002805B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!MapWindowPoints 757B7915 5 Bytes JMP 00280570 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetParent 757B7AB3 7 Bytes JMP 002806F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!SetClipboardData 757C4979 5 Bytes JMP 00280170 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!EmptyClipboard 757C4A28 5 Bytes JMP 00280130 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetClipboardData 757C4B47 5 Bytes JMP 00280030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!EnumClipboardFormats 757C4D98 5 Bytes JMP 002801B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetClipboardFormatNameW 757C7EB2 5 Bytes JMP 00280230 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!SetClipboardViewer 757C8F4D 5 Bytes JMP 002804B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetClipboardFormatNameA 757C8F61 5 Bytes JMP 00280270 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetOpenClipboardWindow 757C902F 1 Byte [E9] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetOpenClipboardWindow 757C902F 5 Bytes JMP 002803F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!ChangeClipboardChain 757D3425 5 Bytes JMP 00280430 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetTopWindow 757D3A5D 7 Bytes JMP 00280730 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!CloseClipboard 757D5BA7 5 Bytes JMP 002800B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!OpenClipboard 757D5BB9 5 Bytes JMP 00280070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!IsClipboardFormatAvailable 757D5C3A 5 Bytes JMP 002800F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetClipboardSequenceNumber 757D5C4E 5 Bytes JMP 00280330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetClipboardOwner 757D5C60 5 Bytes JMP 00280370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!CountClipboardFormats 757D5DC9 5 Bytes JMP 002801F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7182000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!SetCursorPos 757EC1D8 5 Bytes JMP 00280770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetClipboardViewer 75804B57 5 Bytes JMP 00280470 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] USER32.dll!GetPriorityClipboardFormat 75804C59 5 Bytes JMP 002803B0 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7197000A .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ole32.dll!OleSetClipboard 76BEF2FE 5 Bytes JMP 00290030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ole32.dll!OleIsCurrentClipboard 76BF2489 5 Bytes JMP 00290070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[6340] ole32.dll!OleGetClipboard 76C1F825 5 Bytes JMP 002900B0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [77, 71] {JA 0x73} .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] USER32.dll!CharToOemA + 3A 757AB1DE 7 Bytes JMP 63BE43E6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 717E000A .text C:\Program 
Files\Mozilla Firefox\plugin-container.exe[6724] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 717B000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] USER32.dll!AdjustWindowRectEx + 117 757B660F 7 Bytes JMP 63BE4375 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] USER32.dll!GetWindowInfo 757B6A82 5 Bytes JMP 6382E50D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] USER32.dll!MenuItemFromPoint + F 757D4B36 7 Bytes JMP 6382E9FB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7181000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7184000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6724] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[7412] ntdll.dll!NtAllocateVirtualMemory 771943C0 5 Bytes JMP 00D81000 C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe .text C:\windows\system32\AUDIODG.EXE[7596] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\windows\system32\AUDIODG.EXE[7596] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\windows\system32\AUDIODG.EXE[7596] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\windows\system32\AUDIODG.EXE[7596] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\windows\system32\AUDIODG.EXE[7596] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A7001E .text C:\windows\system32\AUDIODG.EXE[7596] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 
719E001E .text C:\windows\system32\AUDIODG.EXE[7596] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719B001E .text C:\windows\system32\AUDIODG.EXE[7596] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7195001E .text C:\windows\system32\AUDIODG.EXE[7596] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7183001E .text C:\windows\system32\AUDIODG.EXE[7596] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7180001E .text C:\windows\system32\AUDIODG.EXE[7596] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7186001E .text C:\windows\system32\AUDIODG.EXE[7596] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 7189001E .text C:\windows\system32\AUDIODG.EXE[7596] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7192001E .text C:\windows\system32\AUDIODG.EXE[7596] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 718F001E .text C:\windows\system32\AUDIODG.EXE[7596] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718C001E .text C:\windows\system32\AUDIODG.EXE[7596] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7198001E .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] ntdll.dll!NtAlpcSendWaitReceivePort 77194500 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] ntdll.dll!NtAlpcSendWaitReceivePort + 4 77194504 2 Bytes [7D, 71] {JGE 0x73} .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] ntdll.dll!NtClose 771945B0 3 Bytes [FF, 25, 1E] .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] ntdll.dll!NtClose + 4 771945B4 2 Bytes [AE, 71] .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] ntdll.dll!LdrUnloadDll 771ABD1F 6 Bytes JMP 71A8000A .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] kernel32.dll!CreateProcessW 75E5202D 6 Bytes JMP 719F000A .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] kernel32.dll!CreateProcessA 75E52062 6 Bytes JMP 719C000A .text 
C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] kernel32.dll!CreateProcessAsUserW 75E879D4 6 Bytes JMP 7196000A .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] ADVAPI32.dll!CreateProcessAsUserA 76DB14FD 6 Bytes JMP 7199000A .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] GDI32.dll!DeleteDC 77336A2C 6 Bytes JMP 718A000A .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] GDI32.dll!CreateDCA 77339975 6 Bytes JMP 7193000A .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] GDI32.dll!CreateDCW 7733BD21 6 Bytes JMP 7190000A .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] GDI32.dll!GetPixel 7733C714 6 Bytes JMP 718D000A .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] USER32.dll!SetWindowsHookExW 757B210A 6 Bytes JMP 7184000A .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] USER32.dll!SetWinEventHook 757B507E 6 Bytes JMP 7181000A .text C:\Users\Dorota\AppData\Local\Temp\Rar$EX00.810\TDSSKiller.exe[7620] USER32.dll!SetWindowsHookExA 757D6DFA 6 Bytes JMP 7187000A ---- User IAT/EAT - GMER 2.1 ---- IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B124FA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73AF565B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73AF5719] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B12575] 
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B085D9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B04D8D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B05134] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B05209] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73B06736] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B08330] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B0887F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B090E0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B0E283] 
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll IAT C:\windows\Explorer.EXE[1432] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B04CBF] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da17155 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc04d37 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc04d37@78471d45cef6 0x96 0x9A 0xE0 0x83 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc04d37@78471d556f69 0x94 0x9A 0x86 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da17155 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc04d37 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc04d37@78471d45cef6 0x96 0x9A 0xE0 0x83 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc04d37@78471d556f69 0x94 0x9A 0x86 0xA2 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1 ---- EOF - GMER 2.1 ----