GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-22 14:45:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS728080PLA380 rev.PF2OA63A
Running: gmer.exe; Driver: C:\DOCUME~1\CheliB\LOCALS~1\Temp\uwdcqpog.sys

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF74330C0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF74330D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7433100]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF74330AC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7433084]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7433098]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF74330EA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF743312C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7433116]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwRenameKey + 4 80623B16 3 Bytes [76, 90, 90] {JBE 0xffffffffffffff92; NOP }
.text PCIIDEX.SYS!PciIdeXSetBusData + B2A F78B345E 3 Bytes [AF, CC, 85]
.text PCIIDEX.SYS!PciIdeXSetBusData + D72 F78B36A6 4 Bytes JMP 8570C34C
.text PCIIDEX.SYS!PciIdeXDebugPrint + 24 F78B36DE 3 Bytes [AF, CC, 85]
.text PCIIDEX.SYS!PciIdeXDebugPrint + 173 F78B382D 4 Bytes JMP 8570C34C
.text PCIIDEX.SYS!PciIdeXDebugPrint + 1A8 F78B3862 4 Bytes JMP 8570C34C
PAGE PCIIDEX.SYS!PciIdeXDebugPrint + 7CC F78B3E86 3 Bytes [AF, CC, 85]
PAGE PCIIDEX.SYS!PciIdeXDebugPrint + 19B9 F78B5073 3 Bytes [AF, CC, 85]
PAGE ...
PAGE PCIIDEX.SYS!PciIdeXInitialize + 289 F78B6C65 3 Bytes [AF, CC, 85]
.text atapi.sys F7498EC5 4 Bytes JMP 857DA114
.text atapi.sys F7499119 4 Bytes JMP 857DA114
.text atapi.sys F74995BB 4 Bytes JMP 857DA114
.text atapi.sys F749976C 4 Bytes JMP 857DA114
.text atapi.sys F749983B 4 Bytes JMP 857DA114
.text ...
.text SCSIPORT.SYS!ScsiPortInitialize F747D6AF 4 Bytes JMP 85592114
.text SCSIPORT.SYS!ScsiPortInitialize F747DA45 4 Bytes JMP 85592114
.text SCSIPORT.SYS!ScsiPortGetUncachedExtension + 852 F747ED5A 4 Bytes JMP 85EEA65C
.text SCSIPORT.SYS!ScsiPortGetUncachedExtension + FB6 F747F4BE 4 Bytes JMP 8529F99C
.text SCSIPORT.SYS!ScsiPortGetUncachedExtension + FDA F747F4E2 4 Bytes JMP 85592114
.text SCSIPORT.SYS!ScsiPortGetUncachedExtension + 1710 F747FC18 4 Bytes JMP 85EEA65C
.text SCSIPORT.SYS!ScsiPortGetUncachedExtension + 17F8 F747FD00 4 Bytes JMP 85EEA65C
.text ...
.text SCSIPORT.SYS!ScsiPortCompleteRequest + 10C F7482576 4 Bytes JMP 85EEA65C
.text SCSIPORT.SYS!ScsiPortCompleteRequest + 1A9 F7482613 4 Bytes JMP 8529F99C
.text SCSIPORT.SYS!ScsiPortCompleteRequest + 2BA F7482724 4 Bytes JMP 85BD82BC
.text SCSIPORT.SYS!ScsiPortCompleteRequest + 2F6 F7482760 4 Bytes JMP 8529F99C
.text SCSIPORT.SYS!ScsiPortCompleteRequest + 3F0 F748285A 4 Bytes JMP 8529F99C
.text ...
.text CLASSPNP.SYS!ClassReleaseRemoveLock + 193 F7672553 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassCompleteRequest + D F7672BF0 4 Bytes JMP 85815A44
.text CLASSPNP.SYS!ClassCompleteRequest + 3F6 F7672FD9 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassSendSrbSynchronous + EE F767318C 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassDeviceControl + BD F7673591 4 Bytes JMP 85815A44
.text CLASSPNP.SYS!ClassReleaseQueue + EA F7674372 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassReleaseChildLock + 66 F76749C6 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassSendIrpSynchronous + 3A F7674B90 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassGetDriverExtension + 15D F7675131 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassFindModePage + 1D3 F7675775 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassFindModePage + 77F F7675D21 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassFindModePage + 9A6 F7675F48 4 Bytes JMP 8529FFFC
.text CLASSPNP.SYS!ClassFindModePage + ADC F767607E 4 Bytes JMP 85CD1114
.text CLASSPNP.SYS!ClassFindModePage + B06 F76760A8 4 Bytes JMP 857D4114
.text ...
.text CLASSPNP.SYS!ClassInternalIoControl + 87 F7676FAF 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassGetVpb + 167 F76771AB 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassSendStartUnit + C9 F7677421 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassSendSrbAsynchronous + 10D F767756C 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassWmiFireEvent + 3A9 F7677A16 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassWmiFireEvent + 843 F7677EB0 4 Bytes JMP 857D4114
.text CLASSPNP.SYS!ClassIoCompleteAssociated + 18B F76784E9 4 Bytes JMP 8529FFFC
PAGE CLASSPNP.SYS!ClassDebugPrint + 59B F7678B33 4 Bytes JMP 857D4114
PAGE CLASSPNP.SYS!ClassDebugPrint + 7B5 F7678D4D 4 Bytes JMP 857D4114
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA9F13A00]
.text ipsec.sys A90E7000 17 Bytes [A9, FF, B5, 04, FF, FF, FF, ...]
.text ipsec.sys A90E7012 54 Bytes [10, 00, 00, 57, 1B, DB, 81, ...]
.text ipsec.sys A90E704B 38 Bytes CALL A90E6D1C \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation)
.text ipsec.sys A90E7072 8 Bytes [68, 1A, 72, 0E, A9, FF, B5, ...]
.text ipsec.sys A90E707B 45 Bytes CALL A90E6D1A \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation)
.text ...
? C:\WINDOWS\system32\DRIVERS\ipsec.sys suspicious PE modification
? system32\drivers\78049165.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[328] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01740001
.text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A
.text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A
.text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A
.text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F]
.text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A
.text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\McAfee\Common
Framework\udaterui.exe[360] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] 
GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee\Common Framework\udaterui.exe[360] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02070001 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 
Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!Escape 77F26F5A 6 
Bytes JMP 5F2B0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[428] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 058C0001 .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] 
kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 39008487 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation) .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] 
GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] 
ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\Microsoft Office\Office14\VISIO.EXE[488] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 39501F41 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation) .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 023A0001 .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\McAfee\Common 
Framework\McTray.exe[896] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] 
{POP SS; POP EDI} .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee\Common Framework\McTray.exe[896] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 013E000A .text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 013F000A .text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 013D000C .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01460001 .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Documents and Settings\CheliB\Local Settings\Application 
Data\Google\Update\GoogleUpdate.exe[968] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] 
GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Documents and Settings\CheliB\Local Settings\Application 
Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\CheliB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[968] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\System32\ping.exe[1060] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB000A .text C:\WINDOWS\System32\ping.exe[1060] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BC000A .text C:\WINDOWS\System32\ping.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A6000A .text C:\WINDOWS\System32\ping.exe[1060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A7000A .text C:\WINDOWS\System32\ping.exe[1060] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A5000C .text C:\WINDOWS\System32\ping.exe[1060] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00BF000A .text C:\WINDOWS\System32\ping.exe[1060] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00C0000A .text C:\WINDOWS\System32\ping.exe[1060] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00C1000A .text C:\WINDOWS\System32\ping.exe[1060] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00BE000A .text 
C:\WINDOWS\system32\ctfmon.exe[1140] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001 .text C:\WINDOWS\system32\ctfmon.exe[1140] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1140] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text 
C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1140] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A00001 .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program 
Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program 
Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe[2508] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00990001 .text C:\Program 
Files\Windows Desktop Search\WindowsSearch.exe[2752] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 
5F460F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] 
GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2752] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001 .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] 
GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!StartDocW 
+ 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\WinZip\WZQKPICK.EXE[2768] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\taskmgr.exe[2800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001 .text C:\WINDOWS\system32\taskmgr.exe[2800] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\taskmgr.exe[2800] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text 
C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\taskmgr.exe[2800] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] kernel32.dll!LoadLibraryExW + 
C4 7C801BB9 4 Bytes CALL 00CD0001 .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!CreateDCW 77F1BE38 6 
Bytes JMP 5F0A0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] 
GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe[2928] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\Explorer.EXE[3048] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0758000A .text C:\WINDOWS\Explorer.EXE[3048] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0782000A .text C:\WINDOWS\Explorer.EXE[3048] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0757000C .text C:\WINDOWS\Explorer.EXE[3048] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\WINDOWS\Explorer.EXE[3048] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\WINDOWS\Explorer.EXE[3048] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3048] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes 
JMP 5F2E0F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3048] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\hkcmd.exe[3432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01090001 .text C:\WINDOWS\system32\hkcmd.exe[3432] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!SetTextColor 77F15D77 6 
Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] 
GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3432] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\hkcmd.exe[3432] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\hkcmd.exe[3432] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[3432] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\WINDOWS\system32\igfxpers.exe[3584] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01240001 .text C:\WINDOWS\system32\igfxpers.exe[3584] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text 
C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; 
POP EDI} .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3584] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\system32\igfxpers.exe[3584] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\igfxpers.exe[3584] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[3584] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A 
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!StartPage 77F2F49E 6 Bytes 
JMP 5F190F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[3708] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01120001 .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] 
GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] 
GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[3720] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 
5F520F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Common 
Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3864] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02BD000A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02BE000A 
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02BC000C .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\Mozilla 
Firefox\firefox.exe[4080] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015E0001 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] 
kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 
5F0A0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106ACCFA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106ACC8C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E78C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4180] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045ED49 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C10001 .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] 
ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] 
GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; 
POP EDI} .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\DOCUME~1\CheliB\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[4976] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0040142F C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Thunderbird/Mozilla Messaging) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012E0001 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F580F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F5E0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F5B0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F640F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 6 Bytes JMP 5F610F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [68, 5F] .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!SelectObject 77F15B70 6 Bytes JMP 5F490F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!SetTextColor 77F15D77 6 Bytes JMP 5F4C0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!SetBkColor 77F15E29 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 5F280F5A .text 
C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!StretchDIBits 77F1B0AE 6 Bytes JMP 5F520F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F550F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F040F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!SetPixel 77F1B84B 6 Bytes JMP 5F430F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!SetPixelV 77F1B914 6 Bytes JMP 5F460F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!FrameRgn 77F1BF87 6 Bytes JMP 5F400F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!SetDCBrushColor 77F1C202 6 Bytes JMP 5F310F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!ExtEscape 77F1C3CC 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!FillRgn 77F1E01B 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!CreateICA 77F1EA89 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!ResetDCW 77F2B9AF 6 Bytes JMP 5F250F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!CreateICW 77F2C813 6 Bytes JMP 5F100F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F190F5A .text C:\Program Files\Mozilla 
Thunderbird\thunderbird.exe[5744] GDI32.dll!SetDCPenColor 77F439A9 6 Bytes JMP 5F340F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!ResetDCA 77F44C29 6 Bytes JMP 5F220F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!ExtFloodFill 77F454AD 6 Bytes JMP 5F370F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!FloodFill 77F455E3 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [17, 5F] {POP SS; POP EDI} .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5744] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [14, 5F] {ADC AL, 0x5f} ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) Device \Driver\20171743 \Device\KLMD14092011_206080 78049165.sys AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) 
---- Modules - GMER 1.0.15 ---- Module (noname) (*** hidden *** ) A9121000-A913B000 (106496 bytes) ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0LOLD86Q\blank[1].gif 70 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\24SEO34S\dateborder[1].gif 0 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\24SEO34S\139214903[1].js 147 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\24SEO34S\libido-foods-wide[1].jpg 10958 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3KPEPHQA\2[1].gif 2383 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3KPEPHQA\adriana-lima%E2%80%99s-sizzling-victoria%E2%80%99s-secret-shoot-490672[1].txt 42693 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199 0 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\@ 2048 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\bckfg.tmp 814 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\cfg.ini 206 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\Desktop.ini 4608 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\keywords 259 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\kwrd.dll 223744 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\L 0 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\L\yyxlgrli 75264 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\lsflt7.ver 5176 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\U 0 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\U\00000001.@ 1536 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\U\00000002.@ 224768 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\U\00000004.@ 1024 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\U\80000000.@ 11264 bytes 
File C:\WINDOWS\$NtUninstallKB23033$\1266029199\U\80000004.@ 12800 bytes File C:\WINDOWS\$NtUninstallKB23033$\1266029199\U\80000032.@ 97792 bytes File C:\WINDOWS\$NtUninstallKB23033$\4231694209 0 bytes ---- EOF - GMER 1.0.15 ----