Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Help Needed In the removal of Win32.Trojan-gen,Win32 etc

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Help Needed In the removal of Win32.Trojan-gen,Win32 etc

Unread postby Pronitron » September 9th, 2008, 12:02 pm

Hey.When I run my antivirus product, Avast Antivirus I find 3 infections win32.Trojan-Gen, win32.Rootkit-Gen and win32.agent and when I try and quarantine these infections or delete them (tried in Safe Mode and Avast Boot scan) it says error 42111 "the operation is not supported for this type of archive" and doesn't let me do anything with these trojans.I would very much like someones help please in the removal of these infections Here is my Hijackthis log and I have also uploaded my avast log after so you can see which folders are infected, because I cannot find these folders anywhere on my computer.Thank you very much for your time and any help would be greatly appreciated as I'm told these are backdoor hacker infections.

Here is my Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:11, on 09/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\MSPUB.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Ifan\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4087570461-1196769236-1156445644-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Donna')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

Here is my Avast Antivirus 4.8 log

24/08/2008 15:24:28 SYSTEM 1628 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
24/08/2008 15:24:28 SYSTEM 1628 An error has occured while attempting to update. Please check the logs.
24/08/2008 15:36:56 Ifan 4448 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
24/08/2008 15:39:50 Ifan 6932 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
24/08/2008 16:11:54 SYSTEM 1636 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
24/08/2008 16:11:55 SYSTEM 1636 An error has occured while attempting to update. Please check the logs.
24/08/2008 18:53:10 SYSTEM 1692 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
24/08/2008 18:53:10 SYSTEM 1692 An error has occured while attempting to update. Please check the logs.
24/08/2008 19:58:21 SYSTEM 1772 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
24/08/2008 19:58:23 SYSTEM 1772 An error has occured while attempting to update. Please check the logs.
24/08/2008 20:09:24 Ifan 7952 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
24/08/2008 23:14:55 SYSTEM 1560 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
24/08/2008 23:14:56 SYSTEM 1560 An error has occured while attempting to update. Please check the logs.
24/08/2008 23:20:30 Ifan 4780 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
25/08/2008 09:01:41 SYSTEM 1596 AAVM: VPS load failed, trying to get a fresh copy...
25/08/2008 09:02:21 SYSTEM 1596 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
25/08/2008 09:02:21 SYSTEM 1596 aswServ::AavmStart ERROR...
25/08/2008 09:08:39 SYSTEM 1596 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
25/08/2008 09:08:39 SYSTEM 1596 An error has occured while attempting to update. Please check the logs.
25/08/2008 09:17:50 SYSTEM 1620 AAVM: VPS load failed, trying to get a fresh copy...
25/08/2008 09:25:04 SYSTEM 1596 AAVM: VPS load failed, trying to get a fresh copy...
25/08/2008 09:25:41 SYSTEM 1596 Function setifaceUpdatePackages() has failed. Return code is 0x2000000B, dwRes is 2000000B.
25/08/2008 09:25:42 SYSTEM 1596 aswServ::AavmStart ERROR...
25/08/2008 10:22:05 SYSTEM 1588 AAVM: VPS load failed, trying to get a fresh copy...
25/08/2008 10:22:22 SYSTEM 1588 Function setifaceUpdateFiles() has failed. Return code is 0x20000011, dwRes is 20000011.
25/08/2008 10:22:22 SYSTEM 1588 aswServ::AavmStart ERROR...
27/08/2008 17:26:12 SYSTEM 1600 AAVM: VPS load failed, trying to get a fresh copy...
27/08/2008 17:35:44 SYSTEM 1504 AAVM: VPS load failed, trying to get a fresh copy...
27/08/2008 17:36:12 SYSTEM 1504 aswServ::AavmStart ERROR...
02/09/2008 15:11:16 SYSTEM 1580 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Program Files\PCHealthCenter\7.exe" file.
02/09/2008 15:11:24 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\xrdwbfgn.dll" file.
02/09/2008 15:11:32 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\dgksvbpn.dll" file.
02/09/2008 15:11:35 SYSTEM 1580 Sign of "BV:Vapsup-A" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\install.bat" file.
02/09/2008 15:11:40 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\sxmaokgf.exe" file.
02/09/2008 15:11:48 SYSTEM 1580 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\vanwxemggxa.dll" file.
02/09/2008 15:11:48 SYSTEM 1580 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\PCHealthCenter.exe" file.
02/09/2008 15:11:53 SYSTEM 1580 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\PCHealthCenter\2.exe" file.
02/09/2008 15:11:55 SYSTEM 1580 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\PCHealthCenter\4.exe" file.
02/09/2008 15:11:57 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\nsb33BE.tmp" file.
02/09/2008 15:12:10 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\xrdwbfgn.dll" file.
02/09/2008 15:12:13 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\dgksvbpn.dll" file.
02/09/2008 15:12:20 SYSTEM 1580 Sign of "BV:Vapsup-A" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\install.bat" file.
02/09/2008 15:12:22 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\sxmaokgf.exe" file.
02/09/2008 15:12:23 SYSTEM 1580 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\vanwxemggxa.dll" file.
02/09/2008 15:12:23 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\nsbE782.tmp" file.
02/09/2008 15:13:01 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\xrdwbfgn.dll" file.
02/09/2008 15:13:06 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\dgksvbpn.dll" file.
02/09/2008 15:13:07 SYSTEM 1580 Sign of "BV:Vapsup-A" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\install.bat" file.
02/09/2008 15:13:08 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\sxmaokgf.exe" file.
02/09/2008 15:13:09 SYSTEM 1580 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\vanwxemggxa.dll" file.
02/09/2008 15:13:10 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\nsrAED6.tmp" file.
02/09/2008 15:13:49 SYSTEM 1580 Sign of "Win32:Zlob-APQ [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\xrdwbfgn.dll" file.
02/09/2008 15:13:56 SYSTEM 1580 Sign of "BV:Vapsup-A" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\install.bat" file.
02/09/2008 15:13:59 SYSTEM 1580 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\vanwxemgbdp.dll" file.
02/09/2008 15:14:02 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\esvq.exe" file.
02/09/2008 15:14:03 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\sxmaokgf.exe" file.
02/09/2008 15:14:04 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\dgksvbpn.dll" file.
02/09/2008 15:14:04 SYSTEM 1580 Sign of "Win32:Zlob-APQ [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\nsh6D06.tmp" file.
02/09/2008 15:14:38 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\xrdwbfgn.dll" file.
02/09/2008 15:14:42 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\dgksvbpn.dll" file.
02/09/2008 15:14:42 SYSTEM 1580 Sign of "BV:Vapsup-A" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\install.bat" file.
02/09/2008 15:14:43 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\sxmaokgf.exe" file.
02/09/2008 15:14:43 SYSTEM 1580 Sign of "Win32:Vapsup-EB [Adw]" has been found in "C:\Users\Ifan\AppData\Local\Temp\ac8zt2\vanwxemggxa.dll" file.
02/09/2008 15:14:44 SYSTEM 1580 Sign of "Win32:Vapsup-IM [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\nsc2D29.tmp" file.
02/09/2008 15:15:50 SYSTEM 1580 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "globalroot\systemroot\system32\tdssadw.dll" file.
02/09/2008 16:16:09 Ifan 13248 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Windows\Downloaded Program Files\VideoEggPublisher.exe\$PROGRAMFILES\VideoEgg\updater.exe" file.
03/09/2008 19:49:57 SYSTEM 1680 Sign of "Win32:Bravix [Drp]" has been found in "C:\Windows\System32\tdssserf.dll" file.
03/09/2008 19:50:27 SYSTEM 1680 Sign of "Win32:Bravix [Drp]" has been found in "C:\Windows\System32\tdssserf.dll" file.
03/09/2008 19:50:32 SYSTEM 1680 Sign of "Win32:Bravix [Drp]" has been found in "C:\Windows\System32\tdsslog.dll" file.
03/09/2008 19:50:33 SYSTEM 1680 Sign of "Win32:Bravix [Drp]" has been found in "C:\Windows\System32\tdsslog.dll" file.
03/09/2008 20:05:02 Donna 5916 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\PCHealthCenter\1.exe" file.
03/09/2008 20:06:44 Donna 5916 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\PCHealthCenter\3.exe" file.
03/09/2008 21:07:35 Ifan 1012 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\$WINDOWS.~Q\DATA\Users\Ifan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Ifan\AppData\Local\Temp\IDC1.tmp\[1]VideoEggPublisher[1].exe\$PROGRAMFILES\VideoEgg\updater.exe" file.
03/09/2008 21:28:19 Ifan 1012 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\$WINDOWS.~Q\DATA\Users\Ifan\AppData\Local\Temp\STOPzilla!\SZPro5.msi\Instal01.cab\SZKGSys" file.
03/09/2008 21:46:22 Ifan 1012 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\PCHealthCenter\1.exe" file.
03/09/2008 22:06:54 Ifan 1012 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\PCHealthCenter\3.exe" file.
03/09/2008 22:06:54 Ifan 1012 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\PCHealthCenter\5.exe\MSA.cpl" file.
03/09/2008 22:06:54 Ifan 1012 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\PCHealthCenter\5.exe\MSA.exe" file.
03/09/2008 22:20:40 Ifan 1012 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Users\Ifan\AppData\Local\Temp\lwpwer.exe\7.exe" file.
03/09/2008 22:20:40 Ifan 1012 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Ifan\AppData\Local\Temp\lwpwer.exe.exe" file.
03/09/2008 22:20:40 Ifan 1012 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Ifan\AppData\Local\Temp\lwpwer.exe\1.exe" file.
03/09/2008 22:20:40 Ifan 1012 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Ifan\AppData\Local\Temp\lwpwer.exe\2.exe" file.
03/09/2008 22:20:40 Ifan 1012 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Users\Ifan\AppData\Local\Temp\lwpwer.exe\3.exe" file.
03/09/2008 22:20:40 Ifan 1012 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Ifan\AppData\Local\Temp\lwpwer.exe\4.exe" file.
03/09/2008 22:20:40 Ifan 1012 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Ifan\AppData\Local\Temp\lwpwer.exe\5.exe\MSA.cpl" file.
03/09/2008 22:20:40 Ifan 1012 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Users\Ifan\AppData\Local\Temp\lwpwer.exe\5.exe\MSA.exe" file.
04/09/2008 09:28:05 SYSTEM 1612 Sign of "Win32:Adware-gen [Adw]" has been found in "http://thedownloadvid.com/get/6xxx3913555/Keygen.Driver.Scanner.2009.2.0.0.20.exe" file.
04/09/2008 09:28:13 SYSTEM 1612 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Users\Ifan\AppData\Local\Mozilla\Firefox\Profiles\10orxfdx.default\Cache\D4F29F17d01" file.
04/09/2008 09:28:22 SYSTEM 1612 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Users\Ifan\AppData\Local\Temp\1uiJDJga.exe.part" file.
06/09/2008 14:33:51 Ifan 3028 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\$WINDOWS.~Q\DATA\Users\Ifan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Ifan\AppData\Local\Temp\IDC1.tmp\[1]VideoEggPublisher[1].exe\$PROGRAMFILES\VideoEgg\updater.exe" file.
06/09/2008 15:46:19 Ifan 3028 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\$WINDOWS.~Q\DATA\Users\Ifan\AppData\Local\Temp\STOPzilla!\SZPro5.msi\Instal01.cab\SZKGSys" file.
07/09/2008 12:26:41 Ifan 4768 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\$WINDOWS.~Q\DATA\Users\Ifan\AppData\Local\Temp\STOPzilla!\SZPro5.msi\Instal01.cab\SZKGSys" file.
Pronitron
Active Member
 
Posts: 4
Joined: September 9th, 2008, 11:45 am
Top
Advertisement
Register to Remove

Re: Help Needed In the removal of Win32.Trojan-gen,Win32 etc

Unread postby Shaba » September 11th, 2008, 5:49 am

Hi Pronitron

* Download GMER from
here:
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Help Needed In the removal of Win32.Trojan-gen,Win32 etc

Unread postby Pronitron » September 12th, 2008, 11:13 am

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-11 17:31:55
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT 9DAA4000 ZwAlpcConnectPort
SSDT 9DAA4005 ZwAssignProcessToJobObject
SSDT 9DAA400A ZwConnectPort
SSDT 9DAA400F ZwCreateFile
SSDT 9DAA4019 ZwCreateProcess
SSDT 9DAA401E ZwCreateProcessEx
SSDT 9DAA4023 ZwCreateThread
SSDT 9DAA402D ZwDebugActiveProcess
SSDT 9DAA4032 ZwDuplicateObject
SSDT 9DAA4037 ZwLoadDriver
SSDT 9DAA403C ZwOpenKey
SSDT 9DAA4041 ZwOpenSection
SSDT 9DAA4046 ZwOpenThread
SSDT 9DAA4050 ZwProtectVirtualMemory
SSDT 9DAA404B ZwResumeThread
SSDT 9DAA4055 ZwSecureConnectPort
SSDT 9DAA405A ZwSetValueKey
SSDT 9DAA405F ZwSuspendProcess
SSDT 9DAA4064 ZwTerminateProcess
SSDT 9DAA4069 ZwWriteVirtualMemory
SSDT 9DAA4028 ZwCreateThreadEx
SSDT 9DAA4014 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 370 81CFF9C4 4 Bytes [ 00, 40, AA, 9D ]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 81CFFA18 4 Bytes [ 05, 40, AA, 9D ]
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 81CFFA48 4 Bytes [ 0A, 40, AA, 9D ]
.text ntkrnlpa.exe!KeSetTimerEx + 40C 81CFFA60 4 Bytes [ 0F, 40, AA, 9D ]
.text ntkrnlpa.exe!KeSetTimerEx + 43C 81CFFA90 8 Bytes [ 19, 40, AA, 9D, 1E, 40, AA, ... ]
.text ...
PAGE spsys.sys!?SPVersion@@3PADA + 1A67 9B89503F 240 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 1B58 9B895130 6 Bytes [ 0E, 83, 78, 14, 01, 75 ]
PAGE spsys.sys!?SPVersion@@3PADA + 1B5F 9B895137 2214 Bytes [ 83, 78, 18, 37, 75, 02, B3, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 2406 9B8959DE 47 Bytes [ 04, BB, A8, 01, 00, 00, 8D, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 2436 9B895A0E 44 Bytes [ 05, 00, 00, 39, 54, 8D, D0, ... ]
PAGE ...
? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[232] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[264] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\taskeng.exe[264] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\taskeng.exe[264] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\taskeng.exe[264] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\taskeng.exe[264] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\taskeng.exe[264] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\taskeng.exe[264] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\taskeng.exe[264] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\taskeng.exe[264] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\taskeng.exe[264] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\taskeng.exe[264] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\taskeng.exe[264] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\taskeng.exe[264] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\taskeng.exe[264] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\taskeng.exe[264] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[412] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[460] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[460] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[460] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[460] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[460] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[460] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[460] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[460] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[460] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[460] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[460] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[460] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[460] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[472] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\csrss.exe[472] KERNEL32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[524] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\wininit.exe[524] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\wininit.exe[524] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\wininit.exe[524] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\wininit.exe[524] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\wininit.exe[524] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\wininit.exe[524] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\wininit.exe[524] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\wininit.exe[524] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\wininit.exe[524] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[536] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\csrss.exe[536] KERNEL32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[568] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\services.exe[568] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\services.exe[568] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\services.exe[568] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\services.exe[568] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\services.exe[568] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[568] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\services.exe[568] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\services.exe[568] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\services.exe[568] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[568] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\services.exe[568] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\services.exe[568] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\services.exe[568] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\services.exe[568] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\services.exe[568] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\services.exe[568] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\services.exe[568] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\services.exe[568] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\services.exe[568] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\services.exe[568] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\services.exe[568] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\services.exe[568] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\lsass.exe[588] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\lsass.exe[588] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\lsass.exe[588] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\lsass.exe[588] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\lsass.exe[588] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\lsass.exe[588] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\lsass.exe[588] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\lsass.exe[588] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\lsass.exe[588] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[592] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[596] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\lsm.exe[596] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\lsm.exe[596] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\lsm.exe[596] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\lsm.exe[596] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\lsm.exe[596] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\lsm.exe[596] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\lsm.exe[596] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\lsm.exe[596] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\lsm.exe[596] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\lsm.exe[596] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[676] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\winlogon.exe[676] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[708] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\Dwm.exe[708] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\Dwm.exe[708] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\Dwm.exe[708] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\Dwm.exe[708] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\Dwm.exe[708] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\Dwm.exe[708] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\Dwm.exe[708] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\Dwm.exe[708] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\Dwm.exe[708] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\Dwm.exe[708] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[776] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[776] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[776] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[776] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\svchost.exe[776] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[776] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[776] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[776] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[776] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\nvvsvc.exe[824] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\nvvsvc.exe[824] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\nvvsvc.exe[824] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\nvvsvc.exe[824] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\nvvsvc.exe[824] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\nvvsvc.exe[824] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\nvvsvc.exe[824] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\nvvsvc.exe[824] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\nvvsvc.exe[824] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\nvvsvc.exe[824] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\nvvsvc.exe[824] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\nvvsvc.exe[824] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\nvvsvc.exe[824] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[888] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\svchost.exe[888] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\svchost.exe[888] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\svchost.exe[888] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\svchost.exe[888] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\svchost.exe[888] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\svchost.exe[888] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\svchost.exe[888] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\svchost.exe[888] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\svchost.exe[888] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\svchost.exe[888] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\svchost.exe[888] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\svchost.exe[888] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\svchost.exe[888] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F5F0F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F650F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F620F5A
.text C:\Windows\servicing\TrustedInstaller.exe[924] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[964] kernel32.dll!CreateThread + 1A 776346E2 4 Bytes [ D6, 57, E1, 88 ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] shell32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] shell32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] shell32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[992] shell32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\svchost.exe[1012] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\svchost.exe[1012] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\svchost.exe[1012] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\svchost.exe[1012] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\svchost.exe[1012] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\svchost.exe[1012] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F5F0F5A
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\svchost.exe[1052] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\svchost.exe[1052] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\svchost.exe[1052] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\svchost.exe[1052] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\svchost.exe[1052] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[1208] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[1232] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[1232] shell32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[1232] shell32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[1232] shell32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[1232] shell32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Last.fm\LastFM.exe[1324] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[1360] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[1360] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[1360] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[1360] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1396] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\rundll32.exe[1396] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\rundll32.exe[1396] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\rundll32.exe[1396] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\rundll32.exe[1396] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\rundll32.exe[1396] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\rundll32.exe[1396] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\rundll32.exe[1396] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\rundll32.exe[1396] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\rundll32.exe[1396] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\rundll32.exe[1396] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\rundll32.exe[1396] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\rundll32.exe[1396] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\rundll32.exe[1396] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\rundll32.exe[1396] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1404] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F650F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F620F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[1648] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1884] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\spoolsv.exe[1884] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\spoolsv.exe[1884] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\spoolsv.exe[1884] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\spoolsv.exe[1884] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\spoolsv.exe[1884] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\System32\spoolsv.exe[1884] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\spoolsv.exe[1884] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\spoolsv.exe[1884] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\spoolsv.exe[1884] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\spoolsv.exe[1884] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\spoolsv.exe[1884] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\spoolsv.exe[1884] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\spoolsv.exe[1884] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F5F0F5A
.text C:\Windows\System32\spoolsv.exe[1884] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[1908] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[1908] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[1908] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[1908] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[1908] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[1908] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[1908] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[1908] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[1908] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[1908] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[1908] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[1908] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2140] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[2140] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[2140] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[2140] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[2140] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[2140] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[2140] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[2140] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[2140] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[2140] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[2140] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[2140] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[2140] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2188] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[2220] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2252] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[2252] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[2252] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[2252] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F650F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F620F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2268] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[2280] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\svchost.exe[2280] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[2280] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\svchost.exe[2280] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\svchost.exe[2280] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\System32\svchost.exe[2280] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\svchost.exe[2280] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\svchost.exe[2280] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\svchost.exe[2280] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\svchost.exe[2280] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\svchost.exe[2280] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\svchost.exe[2280] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\svchost.exe[2280] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\svchost.exe[2280] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2300] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\SearchIndexer.exe[2308] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2444] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Users\Ifan\Documents\gmer.exe[2544] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] shell32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] shell32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] shell32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2572] shell32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2752] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\rundll32.exe[2752] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\rundll32.exe[2752] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\rundll32.exe[2752] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\rundll32.exe[2752] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\rundll32.exe[2752] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\rundll32.exe[2752] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\rundll32.exe[2752] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\rundll32.exe[2752] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\rundll32.exe[2752] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\rundll32.exe[2752] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\rundll32.exe[2752] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\rundll32.exe[2752] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\rundll32.exe[2752] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\rundll32.exe[2752] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2772] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\taskeng.exe[2772] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\taskeng.exe[2772] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\taskeng.exe[2772] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\taskeng.exe[2772] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\taskeng.exe[2772] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\taskeng.exe[2772] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\taskeng.exe[2772] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\taskeng.exe[2772] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\taskeng.exe[2772] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\taskeng.exe[2772] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\taskeng.exe[2772] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\taskeng.exe[2772] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\taskeng.exe[2772] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\taskeng.exe[2772] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2848] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\ehome\ehtray.exe[2848] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\ehome\ehtray.exe[2848] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\ehome\ehtray.exe[2848] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\ehome\ehtray.exe[2848] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\ehome\ehtray.exe[2848] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\ehome\ehtray.exe[2848] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\ehome\ehtray.exe[2848] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\ehome\ehtray.exe[2848] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2884] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3004] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[3032] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\Explorer.EXE[3032] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\Explorer.EXE[3032] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\Explorer.EXE[3032] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\Explorer.EXE[3032] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\Explorer.EXE[3032] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\Explorer.EXE[3032] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\Explorer.EXE[3032] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\Explorer.EXE[3032] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\Explorer.EXE[3032] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\Explorer.EXE[3032] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\Explorer.EXE[3032] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\Explorer.EXE[3032] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\Explorer.EXE[3032] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\Explorer.EXE[3032] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3100] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\WUDFHost.exe[3100] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\WUDFHost.exe[3100] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\WUDFHost.exe[3100] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\WUDFHost.exe[3100] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\WUDFHost.exe[3100] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\WUDFHost.exe[3100] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\WUDFHost.exe[3100] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\WUDFHost.exe[3100] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\WUDFHost.exe[3100] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\WUDFHost.exe[3100] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\WUDFHost.exe[3100] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\WUDFHost.exe[3100] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\WUDFHost.exe[3100] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\WUDFHost.exe[3100] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3176] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\rundll32.exe[3176] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\rundll32.exe[3176] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\rundll32.exe[3176] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\rundll32.exe[3176] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\rundll32.exe[3176] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\rundll32.exe[3176] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\rundll32.exe[3176] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\rundll32.exe[3176] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\rundll32.exe[3176] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\rundll32.exe[3176] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\rundll32.exe[3176] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\rundll32.exe[3176] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\rundll32.exe[3176] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\rundll32.exe[3176] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 4D, 5F ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 3B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F250F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F220F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F190F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F160F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!CreateThread + 1A 776346E2 4 Bytes [ FA, 55, E1, 88 ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F130F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F400F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F460F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F520F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F430F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F370F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] shell32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] shell32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] shell32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3204] shell32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F280F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F650F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F620F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3344] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3356] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3404] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3724] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3840] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\rundll32.exe[3840] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\rundll32.exe[3840] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\rundll32.exe[3840] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\rundll32.exe[3840] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\rundll32.exe[3840] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\rundll32.exe[3840] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\rundll32.exe[3840] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\rundll32.exe[3840] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\rundll32.exe[3840] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\rundll32.exe[3840] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\rundll32.exe[3840] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\rundll32.exe[3840] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\rundll32.exe[3840] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\rundll32.exe[3840] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[3896] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3960] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F650F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] shell32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] shell32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] shell32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3984] shell32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4128] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4296] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4360] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[4776] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\svchost.exe[4776] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[4776] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[4776] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\svchost.exe[4776] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\svchost.exe[4776] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\System32\svchost.exe[4776] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\svchost.exe[4776] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\svchost.exe[4776] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\svchost.exe[4776] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\svchost.exe[4776] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4920] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[5052] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\taskeng.exe[5052] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\taskeng.exe[5052] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\taskeng.exe[5052] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\taskeng.exe[5052] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\taskeng.exe[5052] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\taskeng.exe[5052] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\taskeng.exe[5052] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\taskeng.exe[5052] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\taskeng.exe[5052] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\taskeng.exe[5052] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\taskeng.exe[5052] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\taskeng.exe[5052] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\taskeng.exe[5052] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\taskeng.exe[5052] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[5576] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\ehome\ehmsas.exe[5576] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\ehome\ehmsas.exe[5576] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\ehome\ehmsas.exe[5576] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\ehome\ehmsas.exe[5576] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\ehome\ehmsas.exe[5576] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\ehome\ehmsas.exe[5576] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\ehome\ehmsas.exe[5576] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\ehome\ehmsas.exe[5576] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\ehome\ehmsas.exe[5576] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\ehome\ehmsas.exe[5576] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!OutputDebugStringW 775FE81A 5 Bytes JMP 28001E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!SetUnhandledExceptionFilter 77616E2D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!FindResourceExA 776208DD 7 Bytes JMP 28001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!FindResourceA 776209A5 5 Bytes JMP 28001B90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!CreateEventA 77634AD8 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!LockResource 77637F1F 5 Bytes JMP 28001DF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!FindResourceExW 7763813B 7 Bytes JMP 28001B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!LoadResource 77638213 7 Bytes JMP 28001CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!FindResourceW 776397C7 5 Bytes JMP 28001A80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!SizeofResource 776397E5 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ADVAPI32.dll!CryptDeriveKey 762DE6F6 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ADVAPI32.dll!CryptDecrypt 762DE8D9 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!SetWindowPlacement 761B79BB 5 Bytes JMP 28005840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!SetWindowRgn 761B95E2 7 Bytes JMP 28005980 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!LoadImageW 761BD61D 5 Bytes JMP 280060C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!LoadIconW 761BEC94 5 Bytes JMP 280062B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!CreateWindowExW 761C3D67 5 Bytes JMP 28003820 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!PeekMessageW 761CFD9F 5 Bytes JMP 28004090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!TrackPopupMenuEx 761E0F4D 5 Bytes JMP 28004970 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!CreateDialogParamW 761E1C58 5 Bytes JMP 28005AC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] USER32.dll!MessageBoxIndirectW 7620D56B 5 Bytes JMP 28005CB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] WS2_32.dll!closesocket 7753330C 5 Bytes JMP 2800A5A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] WS2_32.dll!recv 7753343A 5 Bytes JMP 28009DC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] WS2_32.dll!WSASend 77534496 5 Bytes JMP 2800A360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] WS2_32.dll!send 7753659B 5 Bytes JMP 2800A180 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] WS2_32.dll!WSARecv 77538400 5 Bytes JMP 28009F60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] SHELL32.dll!Shell_NotifyIconW 76A7C808 5 Bytes JMP 28002FE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ole32.dll!CoRegisterClassObject 765345AC 5 Bytes JMP 28002200 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] ole32.dll!CoInitializeEx 7656B89A 5 Bytes JMP 28002100 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] WININET.dll!HttpOpenRequestA 764306D6 5 Bytes JMP 28008BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] WININET.dll!InternetCloseHandle 7643607B 5 Bytes JMP 28008F20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] WININET.dll!InternetReadFile 7643A067 5 Bytes JMP 28008D70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5600] WININET.dll!HttpSendRequestA 764408C5 5 Bytes JMP 28008E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wuauclt.exe[5860] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\wuauclt.exe[5860] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\wuauclt.exe[5860] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\wuauclt.exe[5860] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\wuauclt.exe[5860] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\wuauclt.exe[5860] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\wuauclt.exe[5860] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\wuauclt.exe[5860] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\wuauclt.exe[5860] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\wuauclt.exe[5860] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\wuauclt.exe[5860] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\wuauclt.exe[5860] SHELL32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F5F0F5A
.text C:\Windows\system32\wuauclt.exe[5860] SHELL32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\wuauclt.exe[5860] SHELL32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\wuauclt.exe[5860] SHELL32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 4D, 5F ]
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 3B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F250F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F220F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F190F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F160F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!CreateThread + 1A 776346E2 4 Bytes [ 0E, 62, E1, 88 ]
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F130F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F400F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F460F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F520F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F430F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F370F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] shell32.dll!ShellExecuteW 76A3A2C5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] shell32.dll!ShellExecuteExW 76A8FFBD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] shell32.dll!ShellExecuteEx 76C38AA2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsGui.exe[5872] shell32.dll!ShellExecuteA 76C38B3D 6 Bytes JMP 5F280F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtCreateProcess 779880C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtCreateProcess + 4 779880CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtCreateProcessEx 779880D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtCreateProcessEx + 4 779880DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtCreateSection 779880F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtCreateSection + 4 779880FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtLoadDriver 77988698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtLoadDriver + 4 7798869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtSuspendProcess 779890E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtSuspendProcess + 4 779890EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtTerminateProcess 77989128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtTerminateProcess + 4 7798912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtWriteVirtualMemory 779892A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtWriteVirtualMemory + 4 779892AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtCreateUserProcess 77989438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ntdll.dll!NtCreateUserProcess + 4 7798943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!TerminateProcess 775F18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!CreateProcessW 775F1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!CreateProcessA 775F1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!WriteProcessMemory 775F1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!LoadLibraryExW 776130C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!LoadLibraryW 7761361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!TerminateThread 77613B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!LoadLibraryA 77619491 6 Bytes JMP 5F290F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!CreateRemoteThread 776346EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!CreateRemoteThread + 4 776346F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!GetProcAddress 7763B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!DebugActiveProcess 77679178 6 Bytes JMP 5F470F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] kernel32.dll!WinExec 776853E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ADVAPI32.dll!LsaRemoveAccountRights 7633B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] ADVAPI32.dll!CreateServiceA 76356C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] USER32.dll!SetWindowsHookExW 761B7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] USER32.dll!GetAsyncKeyState 761B8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] USER32.dll!SetWinEventHook 761B915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] USER32.dll!GetKeyState 761C87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] USER32.dll!SetWindowsHookExA 761DBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] USER32.dll!DdeConnect 761F997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\iPod\bin\iPodService.exe[6056] USER32.dll!EndTask 761FACCF 6 Bytes JMP 5F3E0F5A

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\system32\services.exe[568] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00170002
IAT C:\Windows\system32\services.exe[568] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00170000
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[964] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044A014] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[964] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044A014] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3204] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00449E38] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00449E38] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsGui.exe[5872] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044AA4C] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsGui.exe[5872] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044AA4C] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Tcp pctfw2.sys
AttachedDevice \Driver\tdx \Device\Udp pctfw2.sys
AttachedDevice \Driver\tdx \Device\RawIp pctfw2.sys

---- Services - GMER 1.0.14 ----

Service system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys

---- EOF - GMER 1.0.14 ----
Pronitron
Active Member
 
Posts: 4
Joined: September 9th, 2008, 11:45 am
Top

Re: Help Needed In the removal of Win32.Trojan-gen,Win32 etc

Unread postby Shaba » September 12th, 2008, 11:48 am

Yes, we have tdssserv rootkit there.

Run gmer.exe
Click the tab called Processes and click the Safe... button. The computer will reboot and the Gmer screen will open.
Click Files... and browse to the following file:
C:\windows\system32\drivers\TDSSserv.sys
Now click Delete

Now click the Services tab. Click the entries in red one by one with your right mouse button and click Delete... Answer Yes to all the warning windows.
When you've removed all the Service entries in red, reboot your computer.

Re-run gmer.

Post a fresh gmer log, please.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Help Needed In the removal of Win32.Trojan-gen,Win32 etc

Unread postby Pronitron » September 12th, 2008, 6:26 pm

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-12 23:26:03
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT 8EFDB000 ZwAlpcConnectPort
SSDT 8EFDB005 ZwAssignProcessToJobObject
SSDT 8EFDB00A ZwConnectPort
SSDT 8EFDB00F ZwCreateFile
SSDT 8EFDB019 ZwCreateProcess
SSDT 8EFDB01E ZwCreateProcessEx
SSDT 8EFDB023 ZwCreateThread
SSDT 8EFDB02D ZwDebugActiveProcess
SSDT 8EFDB032 ZwDuplicateObject
SSDT 8EFDB037 ZwLoadDriver
SSDT 8EFDB03C ZwOpenKey
SSDT 8EFDB041 ZwOpenSection
SSDT 8EFDB046 ZwOpenThread
SSDT 8EFDB050 ZwProtectVirtualMemory
SSDT 8EFDB04B ZwResumeThread
SSDT 8EFDB055 ZwSecureConnectPort
SSDT 8EFDB05A ZwSetValueKey
SSDT 8EFDB05F ZwSuspendProcess
SSDT 8EFDB064 ZwTerminateProcess
SSDT 8EFDB069 ZwWriteVirtualMemory
SSDT 8EFDB028 ZwCreateThreadEx
SSDT 8EFDB014 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 370 81CBE9C4 4 Bytes [ 00, B0, FD, 8E ]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 81CBEA18 4 Bytes [ 05, B0, FD, 8E ]
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 81CBEA48 4 Bytes [ 0A, B0, FD, 8E ]
.text ntkrnlpa.exe!KeSetTimerEx + 40C 81CBEA60 4 Bytes [ 0F, B0, FD, 8E ]
.text ntkrnlpa.exe!KeSetTimerEx + 43C 81CBEA90 8 Bytes [ 19, B0, FD, 8E, 1E, B0, FD, ... ]
.text ...
PAGE spsys.sys!?SPVersion@@3PADA + 1A67 9BE4C03F 240 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 1B58 9BE4C130 6 Bytes [ 0E, 83, 78, 14, 01, 75 ]
PAGE spsys.sys!?SPVersion@@3PADA + 1B5F 9BE4C137 2214 Bytes [ 83, 78, 18, 37, 75, 02, B3, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 2406 9BE4C9DE 47 Bytes [ 04, BB, A8, 01, 00, 00, 8D, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 2436 9BE4CA0E 44 Bytes [ 05, 00, 00, 39, 54, 8D, D0, ... ]
PAGE ...
? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[552] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\csrss.exe[552] KERNEL32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[604] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\wininit.exe[604] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\wininit.exe[604] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\wininit.exe[604] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\wininit.exe[604] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\wininit.exe[604] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\wininit.exe[604] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\wininit.exe[604] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\wininit.exe[604] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\wininit.exe[604] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\wininit.exe[604] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\csrss.exe[616] KERNEL32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[648] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\services.exe[648] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\services.exe[648] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\services.exe[648] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\services.exe[648] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\services.exe[648] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[648] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\services.exe[648] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\services.exe[648] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\services.exe[648] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\services.exe[648] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\services.exe[648] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\services.exe[648] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\services.exe[648] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\services.exe[648] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\services.exe[648] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\services.exe[648] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\services.exe[648] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\services.exe[648] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\services.exe[648] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\services.exe[648] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\services.exe[648] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\services.exe[648] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[664] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\lsass.exe[664] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\lsass.exe[664] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\lsass.exe[664] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\lsass.exe[664] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\lsass.exe[664] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\lsass.exe[664] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\lsass.exe[664] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\lsass.exe[664] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\lsass.exe[664] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[672] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\lsm.exe[672] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\lsm.exe[672] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\lsm.exe[672] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\lsm.exe[672] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\lsm.exe[672] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\lsm.exe[672] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\lsm.exe[672] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\lsm.exe[672] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\lsm.exe[672] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[716] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\Explorer.EXE[716] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\Explorer.EXE[716] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\Explorer.EXE[716] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\Explorer.EXE[716] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\Explorer.EXE[716] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[716] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\Explorer.EXE[716] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\Explorer.EXE[716] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\Explorer.EXE[716] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\Explorer.EXE[716] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\Explorer.EXE[716] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\Explorer.EXE[716] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\Explorer.EXE[716] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\Explorer.EXE[716] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\Explorer.EXE[716] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\Explorer.EXE[716] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\Explorer.EXE[716] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\Explorer.EXE[716] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\Explorer.EXE[716] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\Explorer.EXE[716] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\Explorer.EXE[716] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\Explorer.EXE[716] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\Explorer.EXE[716] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\Explorer.EXE[716] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\Explorer.EXE[716] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\Explorer.EXE[716] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[820] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[820] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[820] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[820] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\svchost.exe[820] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[820] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[820] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[820] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[820] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\winlogon.exe[852] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\winlogon.exe[852] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\GMEr.exe[892] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\GMEr.exe[892] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\GMEr.exe[892] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\GMEr.exe[892] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\GMEr.exe[892] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\GMEr.exe[892] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\GMEr.exe[892] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\GMEr.exe[892] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\GMEr.exe[892] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\GMEr.exe[892] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\GMEr.exe[892] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\GMEr.exe[892] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\GMEr.exe[892] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\GMEr.exe[892] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\GMEr.exe[892] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\GMEr.exe[892] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\GMEr.exe[892] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\GMEr.exe[892] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\GMEr.exe[892] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\GMEr.exe[892] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\GMEr.exe[892] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\GMEr.exe[892] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\GMEr.exe[892] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[908] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\nvvsvc.exe[908] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\nvvsvc.exe[908] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\nvvsvc.exe[908] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\nvvsvc.exe[908] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\nvvsvc.exe[908] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\nvvsvc.exe[908] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\nvvsvc.exe[908] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\nvvsvc.exe[908] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\nvvsvc.exe[908] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\nvvsvc.exe[908] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\nvvsvc.exe[908] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\nvvsvc.exe[908] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\nvvsvc.exe[908] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\nvvsvc.exe[908] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[936] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\svchost.exe[988] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\svchost.exe[988] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\svchost.exe[988] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\svchost.exe[988] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\svchost.exe[988] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\svchost.exe[988] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\svchost.exe[988] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\svchost.exe[988] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\svchost.exe[988] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\svchost.exe[988] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\svchost.exe[988] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\svchost.exe[988] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[1096] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\SearchIndexer.exe[1096] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1112] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\svchost.exe[1112] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\svchost.exe[1112] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\svchost.exe[1112] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\svchost.exe[1112] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\svchost.exe[1112] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\svchost.exe[1156] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\svchost.exe[1156] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\svchost.exe[1156] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\svchost.exe[1156] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[1172] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[1172] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[1172] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[1172] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[1328] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[1328] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[1328] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[1328] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[1328] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[1328] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[1328] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[1328] shell32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[1328] shell32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[1328] shell32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[1328] shell32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1380] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\svchost.exe[1380] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[1380] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[1380] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\svchost.exe[1380] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\System32\svchost.exe[1380] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\svchost.exe[1380] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\svchost.exe[1380] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\svchost.exe[1380] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\svchost.exe[1380] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\svchost.exe[1380] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\svchost.exe[1380] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\svchost.exe[1380] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F5F0F5A
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[1428] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\taskeng.exe[1428] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\taskeng.exe[1428] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\taskeng.exe[1428] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\taskeng.exe[1428] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\taskeng.exe[1428] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\taskeng.exe[1428] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\taskeng.exe[1428] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\taskeng.exe[1428] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\taskeng.exe[1428] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\taskeng.exe[1428] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\taskeng.exe[1428] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\taskeng.exe[1428] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\taskeng.exe[1428] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\taskeng.exe[1428] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[1436] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[1436] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[1436] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[1436] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1472] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\rundll32.exe[1472] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\rundll32.exe[1472] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\rundll32.exe[1472] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\rundll32.exe[1472] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\rundll32.exe[1472] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\rundll32.exe[1472] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\rundll32.exe[1472] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\rundll32.exe[1472] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\rundll32.exe[1472] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\rundll32.exe[1472] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\rundll32.exe[1472] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\rundll32.exe[1472] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\rundll32.exe[1472] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\rundll32.exe[1472] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\Dwm.exe[1572] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\Dwm.exe[1572] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\Dwm.exe[1572] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\Dwm.exe[1572] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F640F5A
.text C:\Windows\system32\Dwm.exe[1572] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\Dwm.exe[1572] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F680F5A
.text C:\Windows\system32\Dwm.exe[1572] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F600F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1632] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1944] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\spoolsv.exe[1944] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\spoolsv.exe[1944] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\spoolsv.exe[1944] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\spoolsv.exe[1944] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\spoolsv.exe[1944] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\spoolsv.exe[1944] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\spoolsv.exe[1944] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\spoolsv.exe[1944] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\spoolsv.exe[1944] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\spoolsv.exe[1944] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\spoolsv.exe[1944] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\spoolsv.exe[1944] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\spoolsv.exe[1944] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] shell32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] shell32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] shell32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1960] shell32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1968] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[1968] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[1968] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[1968] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[1968] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[1968] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[1968] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[1968] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[1968] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[1968] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[1968] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[1968] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[1968] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[1968] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[1968] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2072] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2112] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\taskeng.exe[2112] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\taskeng.exe[2112] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\taskeng.exe[2112] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\taskeng.exe[2112] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\taskeng.exe[2112] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\taskeng.exe[2112] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\taskeng.exe[2112] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\taskeng.exe[2112] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\taskeng.exe[2112] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\taskeng.exe[2112] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\taskeng.exe[2112] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\taskeng.exe[2112] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\taskeng.exe[2112] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\taskeng.exe[2112] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[2148] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[2148] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[2148] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[2148] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[2148] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[2148] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[2148] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[2148] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[2148] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[2148] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[2148] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[2148] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2168] kernel32.dll!CreateThread + 1A 77C046E2 4 Bytes [ D6, 57, 84, 88 ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] shell32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] shell32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] shell32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2192] shell32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2220] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[2220] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[2220] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[2220] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[2220] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[2220] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\system32\svchost.exe[2220] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[2220] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[2220] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[2220] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[2220] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Windows Defender\MSASCui.exe[2292] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2352] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 4D, 5F ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 3B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F250F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F220F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F190F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F160F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!CreateThread + 1A 77C046E2 4 Bytes [ FA, 55, 84, 88 ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F130F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F400F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F460F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F520F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F430F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F370F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] shell32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] shell32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] shell32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2388] shell32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F280F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2396] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2412] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[2432] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2468] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\rundll32.exe[2468] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\rundll32.exe[2468] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\rundll32.exe[2468] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\rundll32.exe[2468] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\rundll32.exe[2468] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\rundll32.exe[2468] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\rundll32.exe[2468] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\rundll32.exe[2468] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\rundll32.exe[2468] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\rundll32.exe[2468] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\rundll32.exe[2468] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\rundll32.exe[2468] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\rundll32.exe[2468] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\rundll32.exe[2468] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2488] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ThreatFire\TFTray.exe[2528] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2548] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2576] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\rundll32.exe[2576] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\rundll32.exe[2576] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\rundll32.exe[2576] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\rundll32.exe[2576] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\rundll32.exe[2576] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\rundll32.exe[2576] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\rundll32.exe[2576] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\rundll32.exe[2576] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\rundll32.exe[2576] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\rundll32.exe[2576] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\rundll32.exe[2576] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\rundll32.exe[2576] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\rundll32.exe[2576] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\rundll32.exe[2576] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2584] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\System32\rundll32.exe[2584] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\rundll32.exe[2584] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\rundll32.exe[2584] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\rundll32.exe[2584] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\System32\rundll32.exe[2584] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\rundll32.exe[2584] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\rundll32.exe[2584] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\System32\rundll32.exe[2584] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\rundll32.exe[2584] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\rundll32.exe[2584] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\System32\rundll32.exe[2584] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\System32\rundll32.exe[2584] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\rundll32.exe[2584] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\rundll32.exe[2584] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2592] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2600] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2616] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\ehome\ehtray.exe[2616] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\ehome\ehtray.exe[2616] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\ehome\ehtray.exe[2616] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\ehome\ehtray.exe[2616] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\ehome\ehtray.exe[2616] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\ehome\ehtray.exe[2616] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\ehome\ehtray.exe[2616] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\ehome\ehtray.exe[2616] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\ehome\ehtray.exe[2616] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\ehome\ehtray.exe[2616] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\ehome\ehtray.exe[2616] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\ehome\ehtray.exe[2616] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\ehome\ehtray.exe[2616] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\ehome\ehtray.exe[2616] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] user32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] user32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] user32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] user32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] user32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] user32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] user32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] shell32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] shell32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] shell32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2660] shell32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] shell32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] shell32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] shell32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2704] shell32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2748] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[2796] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\ehome\ehmsas.exe[2796] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\ehome\ehmsas.exe[2796] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\ehome\ehmsas.exe[2796] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\ehome\ehmsas.exe[2796] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\ehome\ehmsas.exe[2796] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\ehome\ehmsas.exe[2796] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\ehome\ehmsas.exe[2796] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\ehome\ehmsas.exe[2796] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\ehome\ehmsas.exe[2796] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\ehome\ehmsas.exe[2796] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[3016] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3040] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\WUDFHost.exe[3040] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\WUDFHost.exe[3040] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\WUDFHost.exe[3040] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\WUDFHost.exe[3040] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\WUDFHost.exe[3040] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\WUDFHost.exe[3040] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\WUDFHost.exe[3040] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\WUDFHost.exe[3040] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[3308] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Windows\System32\svchost.exe[3308] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[3308] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\System32\svchost.exe[3308] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Windows\System32\svchost.exe[3308] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\System32\svchost.exe[3308] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Windows\System32\svchost.exe[3308] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Windows\System32\svchost.exe[3308] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Windows\System32\svchost.exe[3308] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\System32\svchost.exe[3308] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Windows\System32\svchost.exe[3308] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] user32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] user32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] user32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] user32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] user32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] user32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] user32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] shell32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] shell32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] shell32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3472] shell32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\svchost.exe[3812] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\svchost.exe[3812] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\svchost.exe[3812] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\svchost.exe[3812] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\svchost.exe[3812] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\svchost.exe[3812] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\svchost.exe[3812] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3824] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[3836] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3884] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[4092] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Windows Media Player\wmplayer.exe[4564] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\SearchProtocolHost.exe[4696] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[5116] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[5240] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[5364] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Last.fm\LastFM.exe[5444] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 54, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 42, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F440F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F470F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F590F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F4A0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F500F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F560F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F650F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5660] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F620F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 5D, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 60, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 56, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 4D, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 3B, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 63, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 66, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 5A, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F520F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[6036] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F4F0F5A
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\vssvc.exe[7308] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\vssvc.exe[7308] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\vssvc.exe[7308] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\vssvc.exe[7308] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\vssvc.exe[7308] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\vssvc.exe[7308] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\vssvc.exe[7308] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\vssvc.exe[7308] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\vssvc.exe[7308] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\vssvc.exe[7308] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\vssvc.exe[7308] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\vssvc.exe[7308] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\vssvc.exe[7308] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\vssvc.exe[7308] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\vssvc.exe[7308] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtCreateProcess 77AE80C8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtCreateProcess + 4 77AE80CC 2 Bytes [ 0E, 5F ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtCreateProcessEx 77AE80D8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtCreateProcessEx + 4 77AE80DC 2 Bytes [ 11, 5F ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtCreateSection 77AE80F8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtCreateSection + 4 77AE80FC 2 Bytes [ 05, 5F ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtLoadDriver 77AE8698 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtLoadDriver + 4 77AE869C 2 Bytes [ 60, 5F ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtSuspendProcess 77AE90E8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtSuspendProcess + 4 77AE90EC 2 Bytes [ 4E, 5F ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtTerminateProcess 77AE9128 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtTerminateProcess + 4 77AE912C 2 Bytes [ 14, 5F ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtWriteVirtualMemory 77AE92A8 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtWriteVirtualMemory + 4 77AE92AC 2 Bytes [ 17, 5F ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtCreateUserProcess 77AE9438 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\msiexec.exe[7520] ntdll.dll!NtCreateUserProcess + 4 77AE943C 2 Bytes [ 0B, 5F ]
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!TerminateProcess 77BC18EF 6 Bytes JMP 5F200F5A
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!CreateProcessW 77BC1C01 6 Bytes JMP 5F380F5A
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!CreateProcessA 77BC1C36 6 Bytes JMP 5F350F5A
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!WriteProcessMemory 77BC1CC6 6 Bytes JMP 5F230F5A
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!LoadLibraryExW 77BE30C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!LoadLibraryW 77BE361F 6 Bytes JMP 5F2C0F5A
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!TerminateThread 77BE3B73 6 Bytes JMP 5F500F5A
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!LoadLibraryA 77BE9491 6 Bytes JMP 5F290F5A
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!CreateRemoteThread 77C046EF 3 Bytes [ FF, 25, 1E ]
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!CreateRemoteThread + 4 77C046F3 2 Bytes [ 1A, 5F ]
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!GetProcAddress 77C0B8B6 6 Bytes JMP 5F260F5A
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!DebugActiveProcess 77C49178 6 Bytes JMP 5F530F5A
.text C:\Windows\system32\msiexec.exe[7520] kernel32.dll!WinExec 77C553E7 6 Bytes JMP 5F470F5A
.text C:\Windows\system32\msiexec.exe[7520] ADVAPI32.dll!LsaRemoveAccountRights 7670B699 6 Bytes JMP 5F1D0F5A
.text C:\Windows\system32\msiexec.exe[7520] ADVAPI32.dll!CreateServiceA 76726C71 6 Bytes JMP 5F620F5A
.text C:\Windows\system32\msiexec.exe[7520] USER32.dll!SetWindowsHookExW 774A7B69 6 Bytes JMP 5F320F5A
.text C:\Windows\system32\msiexec.exe[7520] USER32.dll!GetAsyncKeyState 774A8DF4 6 Bytes JMP 5F590F5A
.text C:\Windows\system32\msiexec.exe[7520] USER32.dll!SetWinEventHook 774A915C 6 Bytes JMP 5F650F5A
.text C:\Windows\system32\msiexec.exe[7520] USER32.dll!GetKeyState 774B87C7 6 Bytes JMP 5F560F5A
.text C:\Windows\system32\msiexec.exe[7520] USER32.dll!SetWindowsHookExA 774CBB0E 6 Bytes JMP 5F2F0F5A
.text C:\Windows\system32\msiexec.exe[7520] USER32.dll!DdeConnect 774E997F 6 Bytes JMP 5F5C0F5A
.text C:\Windows\system32\msiexec.exe[7520] USER32.dll!EndTask 774EACCF 6 Bytes JMP 5F4A0F5A
.text C:\Windows\system32\msiexec.exe[7520] SHELL32.dll!ShellExecuteW 769AA2C5 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\msiexec.exe[7520] SHELL32.dll!ShellExecuteExW 769FFFBD 6 Bytes JMP 5F440F5A
.text C:\Windows\system32\msiexec.exe[7520] SHELL32.dll!ShellExecuteEx 76BA8AA2 6 Bytes JMP 5F410F5A
.text C:\Windows\system32\msiexec.exe[7520] SHELL32.dll!ShellExecuteA 76BA8B3D 6 Bytes JMP 5F3B0F5A

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\system32\services.exe[648] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000A0002
IAT C:\Windows\system32\services.exe[648] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000A0000
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2168] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044A014] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2168] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044A014] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2388] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00449E38] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2388] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00449E38] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Tcp pctfw2.sys
AttachedDevice \Driver\tdx \Device\Udp pctfw2.sys
AttachedDevice \Driver\tdx \Device\RawIp pctfw2.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
Pronitron
Active Member
 
Posts: 4
Joined: September 9th, 2008, 11:45 am
Top

Re: Help Needed In the removal of Win32.Trojan-gen,Win32 etc

Unread postby Shaba » September 13th, 2008, 4:50 am

That seems to be gone, great :)

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Help Needed In the removal of Win32.Trojan-gen,Win32 etc

Unread postby Pronitron » September 13th, 2008, 1:25 pm

Logfile of random's system information tool 1.01 (written by random/random)
Run by Ifan at 2008-09-13 18:21:05
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 15 GB (10%) free of 153 GB
Total RAM: 2046 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:50, on 13/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Windows\system32\msfeedssync.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Ifan\Downloads\RSIT.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ifan\Downloads\Ifan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 12473 bytes

Scheduled tasks folder

C:\Windows\tasks\User_Feed_Synchronization-{0F527178-FAF2-4441-B131-AAE1EBBCEB30}.job
C:\Windows\tasks\User_Feed_Synchronization-{FCBFDF2E-3B36-4166-949C-7A6C5707B88A}.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-12-07 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-02-01 1103240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"P17Helper"=Rundll32 P17.dll []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2008-04-24 259392]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2008-08-05 2611096]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-16 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-16 92704]
"P17RunE"=RunDll32 P17RunE.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\Users\Ifan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

List of files/folders created in the last three months

2008-09-13 18:21:05 ----D---- C:\rsit
2008-09-13 13:02:52 ----SHD---- C:\Config.Msi
2008-09-12 07:56:05 ----D---- C:\Windows\PCHEALTH
2008-09-11 21:08:56 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-11 21:08:55 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-11 21:07:51 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-11 21:07:43 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-11 21:07:42 ----A---- C:\Windows\system32\dataclen.dll
2008-09-11 21:07:42 ----A---- C:\Windows\system32\cdd.dll
2008-09-11 16:46:36 ----A---- C:\Windows\gmer.ini
2008-09-11 16:45:53 ----A---- C:\Windows\gmer_uninstall.cmd
2008-09-11 16:45:53 ----A---- C:\Windows\gmer.exe
2008-09-11 16:45:53 ----A---- C:\Windows\gmer.dll
2008-09-11 16:45:03 ----A---- C:\Windows\system32\msshooks.dll
2008-09-11 16:45:01 ----A---- C:\Windows\system32\msscb.dll
2008-09-11 16:45:00 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-09-11 16:45:00 ----A---- C:\Windows\system32\propdefs.dll
2008-09-11 16:45:00 ----A---- C:\Windows\system32\msstrc.dll
2008-09-11 16:45:00 ----A---- C:\Windows\system32\mssitlb.dll
2008-09-11 16:44:59 ----A---- C:\Windows\system32\thawbrkr.dll
2008-09-11 16:44:59 ----A---- C:\Windows\system32\srchadmin.dll
2008-09-11 16:44:59 ----A---- C:\Windows\system32\propsys.dll
2008-09-11 16:44:59 ----A---- C:\Windows\system32\mssprxy.dll
2008-09-11 16:44:59 ----A---- C:\Windows\system32\msshsq.dll
2008-09-11 16:44:59 ----A---- C:\Windows\system32\korwbrkr.dll
2008-09-11 16:44:58 ----A---- C:\Windows\system32\xmlfilter.dll
2008-09-11 16:44:58 ----A---- C:\Windows\system32\wsepno.dll
2008-09-11 16:44:58 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-09-11 16:44:58 ----A---- C:\Windows\system32\rtffilt.dll
2008-09-11 16:44:58 ----A---- C:\Windows\system32\offfilt.dll
2008-09-11 16:44:58 ----A---- C:\Windows\system32\nlhtml.dll
2008-09-11 16:44:58 ----A---- C:\Windows\system32\msscntrs.dll
2008-09-11 16:44:58 ----A---- C:\Windows\system32\mimefilt.dll
2008-09-11 16:44:58 ----A---- C:\Windows\system32\chtbrkr.dll
2008-09-11 16:44:58 ----A---- C:\Windows\system32\chsbrkr.dll
2008-09-11 16:44:57 ----A---- C:\Windows\system32\tquery.dll
2008-09-11 16:44:57 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-09-11 16:44:57 ----A---- C:\Windows\system32\mssvp.dll
2008-09-11 16:44:57 ----A---- C:\Windows\system32\mssrch.dll
2008-09-11 16:44:57 ----A---- C:\Windows\system32\mssphtb.dll
2008-09-11 16:44:57 ----A---- C:\Windows\system32\mssph.dll
2008-09-09 15:18:30 ----SHD---- C:\found.001
2008-09-08 17:07:09 ----A---- C:\Windows\ntbtlog.txt
2008-09-07 20:11:10 ----D---- C:\Users\Ifan\AppData\Roaming\Media Player Classic
2008-09-07 20:09:57 ----D---- C:\Program Files\Combined Community Codec Pack
2008-09-05 10:04:21 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-05 10:04:20 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-09-05 10:04:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-09-05 10:04:16 ----A---- C:\Windows\system32\pacerprf.dll
2008-09-05 10:04:12 ----A---- C:\Windows\system32\vbscript.dll
2008-09-05 10:04:12 ----A---- C:\Windows\system32\jscript.dll
2008-09-05 10:04:11 ----A---- C:\Windows\system32\wshext.dll
2008-09-05 10:04:11 ----A---- C:\Windows\system32\wscript.exe
2008-09-05 10:04:11 ----A---- C:\Windows\system32\cscript.exe
2008-09-05 10:04:10 ----A---- C:\Windows\system32\scrrun.dll
2008-09-05 10:04:10 ----A---- C:\Windows\system32\scrobj.dll
2008-09-04 17:03:37 ----D---- C:\PerfLogs
2008-09-04 13:26:13 ----A---- C:\Windows\system32\onex.dll
2008-09-04 13:26:12 ----A---- C:\Windows\system32\SLsvc.exe
2008-09-04 13:25:55 ----A---- C:\Windows\system32\PSHED.DLL
2008-09-04 13:25:54 ----A---- C:\Windows\system32\imagesp1.dll
2008-09-04 13:25:50 ----A---- C:\Windows\system32\dfsr.exe
2008-09-04 13:25:48 ----A---- C:\Windows\system32\pidgenx.dll
2008-09-04 13:25:47 ----A---- C:\Windows\system32\sstpsvc.dll
2008-09-04 13:25:47 ----A---- C:\Windows\system32\mstscax.dll
2008-09-04 13:25:45 ----A---- C:\Windows\system32\WsmSvc.dll
2008-09-04 13:25:45 ----A---- C:\Windows\system32\winrscmd.dll
2008-09-04 13:25:43 ----A---- C:\Windows\system32\sysmain.dll
2008-09-04 13:25:42 ----A---- C:\Windows\system32\RMActivate.exe
2008-09-04 13:25:40 ----A---- C:\Windows\system32\VSSVC.exe
2008-09-04 13:25:40 ----A---- C:\Windows\system32\vssapi.dll
2008-09-04 13:25:38 ----A---- C:\Windows\system32\secproc.dll
2008-09-04 13:25:38 ----A---- C:\Windows\system32\RMActivate_isv.exe
2008-09-04 13:25:37 ----A---- C:\Windows\system32\iesetup.dll
2008-09-04 13:25:34 ----A---- C:\Windows\system32\secproc_isv.dll
2008-09-04 13:25:30 ----A---- C:\Windows\system32\drmv2clt.dll
2008-09-04 13:25:28 ----A---- C:\Windows\system32\xpssvcs.dll
2008-09-04 13:25:28 ----A---- C:\Windows\system32\blackbox.dll
2008-09-04 13:25:23 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2008-09-04 13:25:23 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2008-09-04 13:25:20 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2008-09-04 13:25:19 ----A---- C:\Windows\system32\spwizimg.dll
2008-09-04 13:25:19 ----A---- C:\Windows\system32\rdpencom.dll
2008-09-04 13:25:18 ----A---- C:\Windows\system32\msxml3.dll
2008-09-04 13:25:18 ----A---- C:\Windows\system32\lpremove.exe
2008-09-04 13:25:18 ----A---- C:\Windows\bfsvc.exe
2008-09-04 13:25:17 ----A---- C:\Windows\system32\msxml6.dll
2008-09-04 13:25:17 ----A---- C:\Windows\system32\msjet40.dll
2008-09-04 13:25:16 ----A---- C:\Windows\system32\qmgr.dll
2008-09-04 13:25:16 ----A---- C:\Windows\system32\ntdll.dll
2008-09-04 13:25:16 ----A---- C:\Windows\system32\lsasrv.dll
2008-09-04 13:25:15 ----A---- C:\Windows\system32\localspl.dll
2008-09-04 13:25:14 ----A---- C:\Windows\system32\wevtsvc.dll
2008-09-04 13:25:14 ----A---- C:\Windows\system32\wcncsvc.dll
2008-09-04 13:25:14 ----A---- C:\Windows\system32\IKEEXT.DLL
2008-09-04 13:25:13 ----A---- C:\Windows\system32\TsWpfWrp.exe
2008-09-04 13:25:13 ----A---- C:\Windows\system32\recdisc.exe
2008-09-04 13:25:13 ----A---- C:\Windows\system32\kernel32.dll
2008-09-04 13:25:09 ----A---- C:\Windows\system32\vds.exe
2008-09-04 13:25:09 ----A---- C:\Windows\system32\CompMgmtLauncher.exe
2008-09-04 13:25:07 ----A---- C:\Windows\system32\wmp.dll
2008-09-04 13:25:06 ----A---- C:\Windows\system32\wcnwiz.dll
2008-09-04 13:25:06 ----A---- C:\Windows\system32\SMBHelperClass.dll
2008-09-04 13:25:06 ----A---- C:\Windows\system32\mstsc.exe
2008-09-04 13:25:05 ----A---- C:\Windows\system32\msvbvm60.dll
2008-09-04 13:25:04 ----A---- C:\Windows\system32\mf.dll
2008-09-04 13:25:03 ----A---- C:\Windows\system32\msdtctm.dll
2008-09-04 13:25:01 ----A---- C:\Windows\system32\termsrv.dll
2008-09-04 13:25:00 ----A---- C:\Windows\system32\kerberos.dll
2008-09-04 13:25:00 ----A---- C:\Windows\system32\advapi32.dll
2008-09-04 13:24:59 ----A---- C:\Windows\system32\IMJP10K.DLL
2008-09-04 13:24:58 ----A---- C:\Windows\system32\mmcndmgr.dll
2008-09-04 13:24:57 ----A---- C:\Windows\system32\MSMPEG2ADEC.DLL
2008-09-04 13:24:57 ----A---- C:\Windows\system32\CertEnroll.dll
2008-09-04 13:24:55 ----A---- C:\Windows\system32\MPSSVC.dll
2008-09-04 13:24:54 ----A---- C:\Windows\system32\xolehlp.dll
2008-09-04 13:24:54 ----A---- C:\Windows\system32\Query.dll
2008-09-04 13:24:53 ----A---- C:\Windows\system32\msdtcprx.dll
2008-09-04 13:24:52 ----A---- C:\Windows\system32\ole32.dll
2008-09-04 13:24:51 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2008-09-04 13:24:50 ----A---- C:\Windows\system32\netlogon.dll
2008-09-04 13:24:48 ----A---- C:\Windows\system32\SSShim.dll
2008-09-04 13:24:48 ----A---- C:\Windows\system32\msvcrt.dll
2008-09-04 13:24:47 ----A---- C:\Windows\system32\nlmgp.dll
2008-09-04 13:24:47 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2008-09-04 13:24:47 ----A---- C:\Windows\system32\DfsShlEx.dll
2008-09-04 13:24:45 ----A---- C:\Windows\system32\schedsvc.dll
2008-09-04 13:24:45 ----A---- C:\Windows\system32\IasMigPlugin.dll
2008-09-04 13:24:44 ----A---- C:\Windows\system32\shlwapi.dll
2008-09-04 13:24:44 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2008-09-04 13:24:43 ----A---- C:\Windows\system32\sdclt.exe
2008-09-04 13:24:42 ----A---- C:\Windows\system32\milcore.dll
2008-09-04 13:24:41 ----A---- C:\Windows\system32\wer.dll
2008-09-04 13:24:41 ----A---- C:\Windows\system32\user32.dll
2008-09-04 13:24:40 ----A---- C:\Windows\system32\clusapi.dll
2008-09-04 13:24:39 ----A---- C:\Windows\system32\vdsdyn.dll
2008-09-04 13:24:38 ----A---- C:\Windows\system32\WSDApi.dll
2008-09-04 13:24:38 ----A---- C:\Windows\system32\QAGENTRT.DLL
2008-09-04 13:24:38 ----A---- C:\Windows\system32\d3d9.dll
2008-09-04 13:24:37 ----A---- C:\Windows\system32\diagperf.dll
2008-09-04 13:24:36 ----A---- C:\Windows\system32\winrsmgr.dll
2008-09-04 13:24:36 ----A---- C:\Windows\system32\mmc.exe
2008-09-04 13:24:34 ----A---- C:\Windows\system32\SLC.dll
2008-09-04 13:24:34 ----A---- C:\Windows\system32\mtxclu.dll
2008-09-04 13:24:33 ----A---- C:\Windows\system32\vdsbas.dll
2008-09-04 13:24:33 ----A---- C:\Windows\system32\swprv.dll
2008-09-04 13:24:32 ----A---- C:\Windows\system32\msi.dll
2008-09-04 13:24:32 ----A---- C:\Windows\system32\comctl32.dll
2008-09-04 13:24:29 ----A---- C:\Windows\system32\MSVidCtl.dll
2008-09-04 13:24:28 ----A---- C:\Windows\system32\XPSSHHDR.dll
2008-09-04 13:24:28 ----A---- C:\Windows\system32\msdtckrm.dll
2008-09-04 13:24:28 ----A---- C:\Windows\system32\gpsvc.dll
2008-09-04 13:24:27 ----A---- C:\Windows\system32\sbe.dll
2008-09-04 13:24:27 ----A---- C:\Windows\system32\samsrv.dll
2008-09-04 13:24:27 ----A---- C:\Windows\system32\mfc42u.dll
2008-09-04 13:24:27 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2008-09-04 13:24:26 ----A---- C:\Windows\system32\wecutil.exe
2008-09-04 13:24:26 ----A---- C:\Windows\system32\sdengin2.dll
2008-09-04 13:24:26 ----A---- C:\Windows\system32\esent.dll
2008-09-04 13:24:25 ----A---- C:\Windows\system32\usp10.dll
2008-09-04 13:24:25 ----A---- C:\Windows\system32\gacinstall.dll
2008-09-04 13:24:25 ----A---- C:\Windows\system32\cmicryptinstall.dll
2008-09-04 13:24:24 ----A---- C:\Windows\system32\mfc42.dll
2008-09-04 13:24:24 ----A---- C:\Windows\system32\cmipnpinstall.dll
2008-09-04 13:24:22 ----A---- C:\Windows\system32\comsvcs.dll
2008-09-04 13:24:21 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2008-09-04 13:24:21 ----A---- C:\Windows\system32\crypt32.dll
2008-09-04 13:24:20 ----A---- C:\Windows\system32\certutil.exe
2008-09-04 13:24:19 ----A---- C:\Windows\system32\mswsock.dll
2008-09-04 13:24:18 ----A---- C:\Windows\explorer.exe
2008-09-04 13:24:17 ----A---- C:\Windows\system32\wmdrmsdk.dll
2008-09-04 13:24:17 ----A---- C:\Windows\system32\oleaut32.dll
2008-09-04 13:24:16 ----A---- C:\Windows\system32\setupapi.dll
2008-09-04 13:24:16 ----A---- C:\Windows\system32\FirewallAPI.dll
2008-09-04 13:24:15 ----A---- C:\Windows\system32\sqlceqp30.dll
2008-09-04 13:24:15 ----A---- C:\Windows\system32\lsm.exe
2008-09-04 13:24:15 ----A---- C:\Windows\system32\bcrypt.dll
2008-09-04 13:24:14 ----A---- C:\Windows\system32\wecsvc.dll
2008-09-04 13:24:13 ----A---- C:\Windows\system32\sdohlp.dll
2008-09-04 13:24:13 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2008-09-04 13:24:12 ----A---- C:\Windows\system32\schannel.dll
2008-09-04 13:24:12 ----A---- C:\Windows\system32\msv1_0.dll
2008-09-04 13:24:12 ----A---- C:\Windows\system32\iphlpsvc.dll
2008-09-04 13:24:11 ----A---- C:\Windows\system32\thumbcache.dll
2008-09-04 13:24:11 ----A---- C:\Windows\system32\p2psvc.dll
2008-09-04 13:24:11 ----A---- C:\Windows\system32\netapi32.dll
2008-09-04 13:24:11 ----A---- C:\Windows\system32\eapp3hst.dll
2008-09-04 13:24:10 ----A---- C:\Windows\system32\wmpmde.dll
2008-09-04 13:24:10 ----A---- C:\Windows\system32\mcmde.dll
2008-09-04 13:24:09 ----A---- C:\Windows\system32\riched20.dll
2008-09-04 13:24:09 ----A---- C:\Windows\system32\autofmt.exe
2008-09-04 13:24:09 ----A---- C:\Windows\system32\autoconv.exe
2008-09-04 13:24:09 ----A---- C:\Windows\system32\autochk.exe
2008-09-04 13:24:08 ----A---- C:\Windows\system32\WinSAT.exe
2008-09-04 13:24:08 ----A---- C:\Windows\system32\vdsutil.dll
2008-09-04 13:24:08 ----A---- C:\Windows\system32\imapi2fs.dll
2008-09-04 13:24:08 ----A---- C:\Windows\system32\d3d10_1.dll
2008-09-04 13:24:07 ----A---- C:\Windows\system32\authfwcfg.dll
2008-09-04 13:24:06 ----A---- C:\Windows\system32\authui.dll
2008-09-04 13:24:05 ----A---- C:\Windows\system32\wevtapi.dll
2008-09-04 13:24:05 ----A---- C:\Windows\system32\dmvdsitf.dll
2008-09-04 13:24:05 ----A---- C:\Windows\system32\d3d10_1core.dll
2008-09-04 13:24:05 ----A---- C:\Windows\system32\comuid.dll
2008-09-04 13:24:05 ----A---- C:\Windows\system32\comdlg32.dll
2008-09-04 13:24:05 ----A---- C:\Windows\system32\browseui.dll
2008-09-04 13:24:04 ----A---- C:\Windows\system32\WSDMon.dll
2008-09-04 13:24:03 ----A---- C:\Windows\system32\eapphost.dll
2008-09-04 13:24:02 ----A---- C:\Windows\system32\wevtfwd.dll
2008-09-04 13:24:02 ----A---- C:\Windows\system32\uexfat.dll
2008-09-04 13:24:02 ----A---- C:\Windows\system32\rasmans.dll
2008-09-04 13:24:02 ----A---- C:\Windows\system32\eappcfg.dll
2008-09-04 13:24:01 ----A---- C:\Windows\system32\untfs.dll
2008-09-04 13:24:01 ----A---- C:\Windows\system32\iassam.dll
2008-09-04 13:24:01 ----A---- C:\Windows\system32\DfrgNtfs.exe
2008-09-04 13:24:00 ----A---- C:\Windows\system32\whealogr.dll
2008-09-04 13:24:00 ----A---- C:\Windows\system32\sqlcese30.dll
2008-09-04 13:24:00 ----A---- C:\Windows\system32\pcaui.dll
2008-09-04 13:23:59 ----A---- C:\Windows\system32\wlansvc.dll
2008-09-04 13:23:57 ----A---- C:\Windows\system32\dot3svc.dll
2008-09-04 13:23:54 ----A---- C:\Windows\system32\rdpwsx.dll
2008-09-04 13:23:52 ----A---- C:\Windows\system32\mssha.dll
2008-09-04 13:23:51 ----A---- C:\Windows\system32\winhttp.dll
2008-09-04 13:23:51 ----A---- C:\Windows\system32\msdrm.dll
2008-09-04 13:23:50 ----A---- C:\Windows\system32\zipfldr.dll
2008-09-04 13:23:50 ----A---- C:\Windows\system32\evr.dll
2008-09-04 13:23:50 ----A---- C:\Windows\system32\dfrgui.exe
2008-09-04 13:23:49 ----A---- C:\Windows\system32\WsmAuto.dll
2008-09-04 13:23:48 ----A---- C:\Windows\system32\rpcss.dll
2008-09-04 13:23:48 ----A---- C:\Windows\system32\nlasvc.dll
2008-09-04 13:23:47 ----A---- C:\Windows\system32\rasppp.dll
2008-09-04 13:23:47 ----A---- C:\Windows\system32\ncrypt.dll
2008-09-04 13:23:47 ----A---- C:\Windows\system32\BFE.DLL
2008-09-04 13:23:46 ----A---- C:\Windows\system32\audiosrv.dll
2008-09-04 13:23:45 ----A---- C:\Windows\system32\wmdrmdev.dll
2008-09-04 13:23:45 ----A---- C:\Windows\system32\msrepl40.dll
2008-09-04 13:23:44 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-09-04 13:23:43 ----A---- C:\Windows\system32\ddraw.dll
2008-09-04 13:23:42 ----A---- C:\Windows\system32\WsmWmiPl.dll
2008-09-04 13:23:42 ----A---- C:\Windows\system32\win32spl.dll
2008-09-04 13:23:42 ----A---- C:\Windows\system32\printui.dll
2008-09-04 13:23:42 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2008-09-04 13:23:41 ----A---- C:\Windows\system32\WebClnt.dll
2008-09-04 13:23:41 ----A---- C:\Windows\system32\themecpl.dll
2008-09-04 13:23:41 ----A---- C:\Windows\system32\rastls.dll
2008-09-04 13:23:41 ----A---- C:\Windows\system32\objsel.dll
2008-09-04 13:23:39 ----A---- C:\Windows\system32\QAGENT.DLL
2008-09-04 13:23:39 ----A---- C:\Windows\system32\dbghelp.dll
2008-09-04 13:23:38 ----A---- C:\Windows\system32\w32time.dll
2008-09-04 13:23:38 ----A---- C:\Windows\system32\sqlsrv32.dll
2008-09-04 13:23:38 ----A---- C:\Windows\system32\iasnap.dll
2008-09-04 13:23:36 ----A---- C:\Windows\system32\ncryptui.dll
2008-09-04 13:23:36 ----A---- C:\Windows\system32\icm32.dll
2008-09-04 13:23:35 ----A---- C:\Windows\system32\wmdrmnet.dll
2008-09-04 13:23:35 ----A---- C:\Windows\system32\WerFaultSecure.exe
2008-09-04 13:23:35 ----A---- C:\Windows\system32\iprtrmgr.dll
2008-09-04 13:23:35 ----A---- C:\Windows\system32\azroles.dll
2008-09-04 13:23:34 ----A---- C:\Windows\system32\spoolss.dll
2008-09-04 13:23:32 ----A---- C:\Windows\system32\wlangpui.dll
2008-09-04 13:23:32 ----A---- C:\Windows\system32\winsrv.dll
2008-09-04 13:23:32 ----A---- C:\Windows\system32\taskschd.dll
2008-09-04 13:23:32 ----A---- C:\Windows\system32\msctf.dll
2008-09-04 13:23:32 ----A---- C:\Windows\system32\bcdedit.exe
2008-09-04 13:23:32 ----A---- C:\Windows\system32\basecsp.dll
2008-09-04 13:23:31 ----A---- C:\Windows\system32\scksp.dll
2008-09-04 13:23:31 ----A---- C:\Windows\system32\mstlsapi.dll
2008-09-04 13:23:31 ----A---- C:\Windows\system32\AudioEng.dll
2008-09-04 13:23:30 ----A---- C:\Windows\system32\netprofm.dll
2008-09-04 13:23:29 ----A---- C:\Windows\system32\winsta.dll
2008-09-04 13:23:29 ----A---- C:\Windows\system32\dbgeng.dll
2008-09-04 13:23:28 ----A---- C:\Windows\system32\rsaenh.dll
2008-09-04 13:23:28 ----A---- C:\Windows\system32\netcfgx.dll
2008-09-04 13:23:27 ----A---- C:\Windows\system32\taskcomp.dll
2008-09-04 13:23:27 ----A---- C:\Windows\system32\cdosys.dll
2008-09-04 13:23:26 ----A---- C:\Windows\system32\winlogon.exe
2008-09-04 13:23:25 ----A---- C:\Windows\system32\wercon.exe
2008-09-04 13:23:25 ----A---- C:\Windows\system32\lpksetup.exe
2008-09-04 13:23:24 ----A---- C:\Windows\system32\sqmapi.dll
2008-09-04 13:23:23 ----A---- C:\Windows\system32\wlansec.dll
2008-09-04 13:23:22 ----A---- C:\Windows\system32\msdtcuiu.dll
2008-09-04 13:23:22 ----A---- C:\Windows\system32\apds.dll
2008-09-04 13:23:21 ----A---- C:\Windows\system32\certcli.dll
2008-09-04 13:23:20 ----A---- C:\Windows\system32\mprddm.dll
2008-09-04 13:23:19 ----A---- C:\Windows\system32\iasrad.dll
2008-09-04 13:23:18 ----A---- C:\Windows\system32\eapsvc.dll
2008-09-04 13:23:18 ----A---- C:\Windows\system32\AUDIOKSE.dll
2008-09-04 13:23:17 ----A---- C:\Windows\system32\tsgqec.dll
2008-09-04 13:23:17 ----A---- C:\Windows\system32\aaclient.dll
2008-09-04 13:23:16 ----A---- C:\Windows\system32\shdocvw.dll
2008-09-04 13:23:14 ----A---- C:\Windows\system32\bcdsrv.dll
2008-09-04 13:23:13 ----A---- C:\Windows\system32\certmgr.dll
2008-09-04 13:23:12 ----A---- C:\Windows\system32\Wldap32.dll
2008-09-04 13:23:12 ----A---- C:\Windows\system32\uDWM.dll
2008-09-04 13:23:12 ----A---- C:\Windows\system32\dnsapi.dll
2008-09-04 13:23:11 ----A---- C:\Windows\system32\msidcrl30.dll
2008-09-04 13:23:10 ----A---- C:\Windows\system32\umpnpmgr.dll
2008-09-04 13:23:09 ----A---- C:\Windows\system32\WMVDECOD.DLL
2008-09-04 13:23:07 ----A---- C:\Windows\system32\pla.dll
2008-09-04 13:23:06 ----A---- C:\Windows\system32\dxgi.dll
2008-09-04 13:23:05 ----A---- C:\Windows\system32\dot3gpui.dll
2008-09-04 13:23:04 ----A---- C:\Windows\system32\netshell.dll
2008-09-04 13:23:03 ----A---- C:\Windows\system32\wmicmiplugin.dll
2008-09-04 13:23:00 ----A---- C:\Windows\system32\ntprint.dll
2008-09-04 13:22:59 ----A---- C:\Windows\system32\shsvcs.dll
2008-09-04 13:22:59 ----A---- C:\Windows\system32\cryptnet.dll
2008-09-04 13:22:59 ----A---- C:\Windows\system32\comsnap.dll
2008-09-04 13:22:58 ----A---- C:\Windows\system32\MMDevAPI.dll
2008-09-04 13:22:56 ----A---- C:\Windows\system32\winmm.dll
2008-09-04 13:22:55 ----A---- C:\Windows\system32\wscsvc.dll
2008-09-04 13:22:55 ----A---- C:\Windows\system32\services.exe
2008-09-04 13:22:54 ----A---- C:\Windows\system32\synceng.dll
2008-09-04 13:22:53 ----A---- C:\Windows\system32\pnidui.dll
2008-09-04 13:22:53 ----A---- C:\Windows\system32\cmifw.dll
2008-09-04 13:22:52 ----A---- C:\Windows\system32\wscisvif.dll
2008-09-04 13:22:51 ----A---- C:\Windows\system32\msconfig.exe
2008-09-04 13:22:50 ----A---- C:\Windows\system32\taskeng.exe
2008-09-04 13:22:50 ----A---- C:\Windows\system32\iassdo.dll
2008-09-04 13:22:49 ----A---- C:\Windows\system32\msjtes40.dll
2008-09-04 13:22:49 ----A---- C:\Windows\system32\cipher.exe
2008-09-04 13:22:48 ----A---- C:\Windows\system32\WMVSDECD.DLL
2008-09-04 13:22:46 ----A---- C:\Windows\system32\imapi2.dll
2008-09-04 13:22:45 ----A---- C:\Windows\system32\rasapi32.dll
2008-09-04 13:22:44 ----A---- C:\Windows\system32\wersvc.dll
2008-09-04 13:22:44 ----A---- C:\Windows\system32\uxtheme.dll
2008-09-04 13:22:44 ----A---- C:\Windows\system32\tdh.dll
2008-09-04 13:22:43 ----A---- C:\Windows\system32\SessEnv.dll
2008-09-04 13:22:43 ----A---- C:\Windows\system32\dot3api.dll
2008-09-04 13:22:43 ----A---- C:\Windows\system32\dmdskmgr.dll
2008-09-04 13:22:41 ----A---- C:\Windows\system32\cmd.exe
2008-09-04 13:22:40 ----A---- C:\Windows\system32\cbsra.exe
2008-09-04 13:22:40 ----A---- C:\Windows\system32\AuthFWSnapin.dll
2008-09-04 13:22:39 ----A---- C:\Windows\system32\qdvd.dll
2008-09-04 13:22:39 ----A---- C:\Windows\system32\msscp.dll
2008-09-04 13:22:38 ----A---- C:\Windows\system32\wkssvc.dll
2008-09-04 13:22:38 ----A---- C:\Windows\system32\wevtutil.exe
2008-09-04 13:22:37 ----A---- C:\Windows\system32\wlanmsm.dll
2008-09-04 13:22:37 ----A---- C:\Windows\system32\srvsvc.dll
2008-09-04 13:22:37 ----A---- C:\Windows\system32\loadperf.dll
2008-09-04 13:22:36 ----A---- C:\Windows\system32\WUDFx.dll
2008-09-04 13:22:36 ----A---- C:\Windows\system32\wlancfg.dll
2008-09-04 13:22:36 ----A---- C:\Windows\system32\msdtcVSp1res.dll
2008-09-04 13:22:35 ----A---- C:\Windows\system32\diskpart.exe
2008-09-04 13:22:35 ----A---- C:\Windows\system32\comres.dll
2008-09-04 13:22:34 ----A---- C:\Windows\system32\mshtmled.dll
2008-09-04 13:22:33 ----A---- C:\Windows\system32\localsec.dll
2008-09-04 13:22:33 ----A---- C:\Windows\system32\fontext.dll
2008-09-04 13:22:32 ----A---- C:\Windows\system32\rpchttp.dll
2008-09-04 13:22:32 ----A---- C:\Windows\system32\rdpdd.dll
2008-09-04 13:22:30 ----A---- C:\Windows\system32\wlanapi.dll
2008-09-04 13:22:30 ----A---- C:\Windows\system32\hnetcfg.dll
2008-09-04 13:22:28 ----A---- C:\Windows\system32\WinSATAPI.dll
2008-09-04 13:22:27 ----A---- C:\Windows\system32\wsqmcons.exe
2008-09-04 13:22:27 ----A---- C:\Windows\system32\WMADMOD.DLL
2008-09-04 13:22:27 ----A---- C:\Windows\system32\dsound.dll
2008-09-04 13:22:26 ----A---- C:\Windows\system32\NAPMONTR.DLL
2008-09-04 13:22:25 ----A---- C:\Windows\system32\wlanpref.dll
2008-09-04 13:22:25 ----A---- C:\Windows\system32\profprov.dll
2008-09-04 13:22:25 ----A---- C:\Windows\system32\avifil32.dll
2008-09-04 13:22:24 ----A---- C:\Windows\system32\RDPENCDD.dll
2008-09-04 13:22:24 ----A---- C:\Windows\system32\filemgmt.dll
2008-09-04 13:22:23 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-09-04 13:22:22 ----A---- C:\Windows\system32\dnsrslvr.dll
2008-09-04 13:22:21 ----A---- C:\Windows\system32\tracerpt.exe
2008-09-04 13:22:21 ----A---- C:\Windows\system32\MuiUnattend.exe
2008-09-04 13:22:20 ----A---- C:\Windows\system32\wsecedit.dll
2008-09-04 13:22:20 ----A---- C:\Windows\system32\SLCommDlg.dll
2008-09-04 13:22:19 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2008-09-04 13:22:19 ----A---- C:\Windows\system32\dhcpcsvc.dll
2008-09-04 13:22:18 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2008-09-04 13:22:18 ----A---- C:\Windows\system32\P2PGraph.dll
2008-09-04 13:22:18 ----A---- C:\Windows\system32\dwmredir.dll
2008-09-04 13:22:18 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2008-09-04 13:22:17 ----A---- C:\Windows\system32\wininit.exe
2008-09-04 13:22:17 ----A---- C:\Windows\system32\gpresult.exe
2008-09-04 13:22:17 ----A---- C:\Windows\system32\dwm.exe
2008-09-04 13:22:17 ----A---- C:\Windows\system32\apphelp.dll
2008-09-04 13:22:16 ----A---- C:\Windows\system32\spp.dll
2008-09-04 13:22:16 ----A---- C:\Windows\system32\rasdlg.dll
2008-09-04 13:22:16 ----A---- C:\Windows\system32\QSHVHOST.DLL
2008-09-04 13:22:16 ----A---- C:\Windows\system32\iassvcs.dll
2008-09-04 13:22:16 ----A---- C:\Windows\system32\azroleui.dll
2008-09-04 13:22:15 ----A---- C:\Windows\system32\iashost.exe
2008-09-04 13:22:15 ----A---- C:\Windows\HelpPane.exe
2008-09-04 13:22:14 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-09-04 13:22:14 ----A---- C:\Windows\system32\mcbuilder.exe
2008-09-04 13:22:13 ----A---- C:\Windows\system32\spwizeng.dll
2008-09-04 13:22:13 ----A---- C:\Windows\system32\SLUI.exe
2008-09-04 13:22:12 ----A---- C:\Windows\system32\srrstr.dll
2008-09-04 13:22:12 ----A---- C:\Windows\system32\rasmontr.dll
2008-09-04 13:22:11 ----A---- C:\Windows\system32\wecapi.dll
2008-09-04 13:22:11 ----A---- C:\Windows\system32\unbcl.dll
2008-09-04 13:22:11 ----A---- C:\Windows\system32\tcpmon.dll
2008-09-04 13:22:11 ----A---- C:\Windows\system32\shrink.dll
2008-09-04 13:22:11 ----A---- C:\Windows\system32\msra.exe
2008-09-04 13:22:11 ----A---- C:\Windows\system32\lltdsvc.dll
2008-09-04 13:22:10 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2008-09-04 13:22:10 ----A---- C:\Windows\system32\iashlpr.dll
2008-09-04 13:22:10 ----A---- C:\Windows\system32\gpedit.dll
2008-09-04 13:22:10 ----A---- C:\Windows\system32\brcpl.dll
2008-09-04 13:22:09 ----A---- C:\Windows\system32\WMPEncEn.dll
2008-09-04 13:22:09 ----A---- C:\Windows\system32\oleacc.dll
2008-09-04 13:22:08 ----A---- C:\Windows\system32\raschap.dll
2008-09-04 13:22:08 ----A---- C:\Windows\system32\msdri.dll
2008-09-04 13:22:08 ----A---- C:\Windows\system32\iertutil.dll
2008-09-04 13:22:07 ----A---- C:\Windows\system32\framedynos.dll
2008-09-04 13:22:06 ----A---- C:\Windows\system32\regsvc.dll
2008-09-04 13:22:06 ----A---- C:\Windows\system32\fdWSD.dll
2008-09-04 13:22:06 ----A---- C:\Windows\system32\advpack.dll
2008-09-04 13:22:05 ----A---- C:\Windows\system32\vsstrace.dll
2008-09-04 13:22:05 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2008-09-04 13:22:05 ----A---- C:\Windows\system32\ntvdm.exe
2008-09-04 13:22:05 ----A---- C:\Windows\system32\ipsmsnap.dll
2008-09-04 13:22:05 ----A---- C:\Windows\system32\Faultrep.dll
2008-09-04 13:22:04 ----A---- C:\Windows\system32\wdc.dll
2008-09-04 13:22:04 ----A---- C:\Windows\system32\ntlanman.dll
2008-09-04 13:22:03 ----A---- C:\Windows\system32\wpdshext.dll
2008-09-04 13:22:03 ----A---- C:\Windows\system32\iedkcs32.dll
2008-09-04 13:22:02 ----A---- C:\Windows\system32\Storprop.dll
2008-09-04 13:22:02 ----A---- C:\Windows\system32\NetProjW.dll
2008-09-04 13:22:02 ----A---- C:\Windows\system32\netman.dll
2008-09-04 13:22:02 ----A---- C:\Windows\system32\l2nacp.dll
2008-09-04 13:22:02 ----A---- C:\Windows\system32\dssenh.dll
2008-09-04 13:22:01 ----A---- C:\Windows\system32\ieapfltr.dll
2008-09-04 13:22:01 ----A---- C:\Windows\system32\framedyn.dll
2008-09-04 13:22:00 ----A---- C:\Windows\system32\WlanMM.dll
2008-09-04 13:22:00 ----A---- C:\Windows\system32\certreq.exe
2008-09-04 13:22:00 ----A---- C:\Windows\system32\adsnt.dll
2008-09-04 13:21:59 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-09-04 13:21:59 ----A---- C:\Windows\system32\sxs.dll
2008-09-04 13:21:59 ----A---- C:\Windows\system32\profsvc.dll
2008-09-04 13:21:59 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-09-04 13:21:59 ----A---- C:\Windows\system32\KMSVC.DLL
2008-09-04 13:21:58 ----A---- C:\Windows\system32\WsmProv.dll
2008-09-04 13:21:58 ----A---- C:\Windows\system32\wlanhlp.dll
2008-09-04 13:21:58 ----A---- C:\Windows\system32\WLanConn.dll
2008-09-04 13:21:58 ----A---- C:\Windows\system32\IPBusEnum.dll
2008-09-04 13:21:57 ----A---- C:\Windows\system32\wusa.exe
2008-09-04 13:21:57 ----A---- C:\Windows\system32\WUDFHost.exe
2008-09-04 13:21:57 ----A---- C:\Windows\system32\VAN.dll
2008-09-04 13:21:57 ----A---- C:\Windows\system32\userenv.dll
2008-09-04 13:21:57 ----A---- C:\Windows\system32\umb.dll
2008-09-04 13:21:57 ----A---- C:\Windows\system32\ncsi.dll
2008-09-04 13:21:56 ----A---- C:\Windows\system32\WerFault.exe
2008-09-04 13:21:56 ----A---- C:\Windows\system32\ie4uinit.exe
2008-09-04 13:21:56 ----A---- C:\Windows\system32\fundisc.dll
2008-09-04 13:21:55 ----A---- C:\Windows\system32\catsrvut.dll
2008-09-04 13:21:54 ----A---- C:\Windows\system32\puiobj.dll
2008-09-04 13:21:54 ----A---- C:\Windows\system32\cryptui.dll
2008-09-04 13:21:53 ----A---- C:\Windows\system32\netid.dll
2008-09-04 13:21:52 ----A---- C:\Windows\system32\photowiz.dll
2008-09-04 13:21:52 ----A---- C:\Windows\system32\InkEd.dll
2008-09-04 13:21:52 ----A---- C:\Windows\system32\dps.dll
2008-09-04 13:21:51 ----A---- C:\Windows\system32\MdSched.exe
2008-09-04 13:21:50 ----A---- C:\Windows\system32\netcenter.dll
2008-09-04 13:21:48 ----A---- C:\Windows\system32\ipsecsnp.dll
2008-09-04 13:21:47 ----A---- C:\Windows\system32\WinSCard.dll
2008-09-04 13:21:46 ----A---- C:\Windows\system32\ws2_32.dll
2008-09-04 13:21:46 ----A---- C:\Windows\system32\spbcd.dll
2008-09-04 13:21:45 ----A---- C:\Windows\system32\ntdsapi.dll
2008-09-04 13:21:45 ----A---- C:\Windows\system32\msinfo32.exe
2008-09-04 13:21:44 ----A---- C:\Windows\system32\winrs.exe
2008-09-04 13:21:44 ----A---- C:\Windows\system32\secur32.dll
2008-09-04 13:21:44 ----A---- C:\Windows\system32\odbcjt32.dll
2008-09-04 13:21:43 ----A---- C:\Windows\system32\NAPSTAT.EXE
2008-09-04 13:21:43 ----A---- C:\Windows\system32\iisRtl.dll
2008-09-04 13:21:41 ----A---- C:\Windows\system32\prnntfy.dll
2008-09-04 13:21:39 ----A---- C:\Windows\system32\mblctr.exe
2008-09-04 13:21:38 ----A---- C:\Windows\system32\cryptsvc.dll
2008-09-04 13:21:37 ----A---- C:\Windows\system32\RelMon.dll
2008-09-04 13:21:36 ----A---- C:\Windows\system32\schtasks.exe
2008-09-04 13:21:36 ----A---- C:\Windows\system32\msfeeds.dll
2008-09-04 13:21:35 ----A---- C:\Windows\system32\iasacct.dll
2008-09-04 13:21:34 ----A---- C:\Windows\system32\dmdlgs.dll
2008-09-04 13:21:34 ----A---- C:\Windows\system32\activeds.dll
2008-09-04 13:21:33 ----A---- C:\Windows\system32\pdh.dll
2008-09-04 13:21:33 ----A---- C:\Windows\system32\dhcpsapi.dll
2008-09-04 13:21:32 ----A---- C:\Windows\system32\netdiagfx.dll
2008-09-04 13:21:32 ----A---- C:\Windows\system32\catsrv.dll
2008-09-04 13:21:31 ----A---- C:\Windows\system32\TSpkg.dll
2008-09-04 13:21:30 ----A---- C:\Windows\system32\dfrgfat.exe
2008-09-04 13:21:29 ----A---- C:\Windows\system32\FirewallControlPanel.exe
2008-09-04 13:21:29 ----A---- C:\Windows\system32\fdWCN.dll
2008-09-04 13:21:27 ----A---- C:\Windows\system32\wvc.dll
2008-09-04 13:21:27 ----A---- C:\Windows\system32\winrm.vbs
2008-09-04 13:21:27 ----A---- C:\Windows\system32\qwave.dll
2008-09-04 13:21:26 ----A---- C:\Windows\system32\dot3msm.dll
2008-09-04 13:21:26 ----A---- C:\Windows\system32\AudioSes.dll
2008-09-04 13:21:24 ----A---- C:\Windows\system32\dot3cfg.dll
2008-09-04 13:21:23 ----A---- C:\Windows\system32\netcorehc.dll
2008-09-04 13:21:23 ----A---- C:\Windows\system32\NAPHLPR.DLL
2008-09-04 13:21:23 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2008-09-04 13:21:23 ----A---- C:\Windows\system32\ifmon.dll
2008-09-04 13:21:22 ----A---- C:\Windows\system32\rastapi.dll
2008-09-04 13:21:22 ----A---- C:\Windows\system32\msacm32.dll
2008-09-04 13:21:20 ----A---- C:\Windows\system32\wow32.dll
2008-09-04 13:21:19 ----A---- C:\Windows\system32\adsldp.dll
2008-09-04 13:21:18 ----A---- C:\Windows\system32\shsetup.dll
2008-09-04 13:21:14 ----A---- C:\Windows\system32\ntshrui.dll
2008-09-04 13:21:14 ----A---- C:\Windows\system32\msdt.dll
2008-09-04 13:21:14 ----A---- C:\Windows\system32\els.dll
2008-09-04 13:21:14 ----A---- C:\Windows\system32\clbcatq.dll
2008-09-04 13:21:13 ----A---- C:\Windows\system32\wscntfy.dll
2008-09-04 13:21:13 ----A---- C:\Windows\system32\QUTIL.DLL
2008-09-04 13:21:13 ----A---- C:\Windows\system32\iasdatastore.dll
2008-09-04 13:21:12 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-09-04 13:21:12 ----A---- C:\Windows\system32\iasrecst.dll
2008-09-04 13:21:12 ----A---- C:\Windows\system32\fdSSDP.dll
2008-09-04 13:21:12 ----A---- C:\Windows\system32\ahadmin.dll
2008-09-04 13:21:11 ----A---- C:\Windows\system32\stobject.dll
2008-09-04 13:21:11 ----A---- C:\Windows\system32\sdrsvc.dll
2008-09-04 13:21:11 ----A---- C:\Windows\system32\net1.exe
2008-09-04 13:21:11 ----A---- C:\Windows\system32\ipnathlp.dll
2008-09-04 13:21:07 ----A---- C:\Windows\system32\wlanui.dll
2008-09-04 13:21:07 ----A---- C:\Windows\system32\dsprop.dll
2008-09-04 13:21:07 ----A---- C:\Windows\system32\Defrag.exe
2008-09-04 13:21:06 ----A---- C:\Windows\system32\adsldpc.dll
2008-09-04 13:21:05 ----A---- C:\Windows\system32\wlgpclnt.dll
2008-09-04 13:21:05 ----A---- C:\Windows\system32\smss.exe
2008-09-04 13:21:05 ----A---- C:\Windows\system32\nci.dll
2008-09-04 13:21:04 ----A---- C:\Windows\system32\mprmsg.dll
2008-09-04 13:21:03 ----A---- C:\Windows\system32\upnphost.dll
2008-09-04 13:21:03 ----A---- C:\Windows\system32\systemcpl.dll
2008-09-04 13:21:02 ----A---- C:\Windows\system32\rasman.dll
2008-09-04 13:21:02 ----A---- C:\Windows\system32\ActiveContentWizard.dll
2008-09-04 13:21:01 ----A---- C:\Windows\system32\P2P.dll
2008-09-04 13:21:01 ----A---- C:\Windows\system32\msftedit.dll
2008-09-04 13:21:01 ----A---- C:\Windows\system32\CompatUI.dll
2008-09-04 13:21:00 ----A---- C:\Windows\system32\t2embed.dll
2008-09-04 13:21:00 ----A---- C:\Windows\system32\rascfg.dll
2008-09-04 13:21:00 ----A---- C:\Windows\system32\PresentationSettings.exe
2008-09-04 13:21:00 ----A---- C:\Windows\system32\oleprn.dll
2008-09-04 13:21:00 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2008-09-04 13:21:00 ----A---- C:\Windows\system32\loghours.dll
2008-09-04 13:21:00 ----A---- C:\Windows\system32\fde.dll
2008-09-04 13:20:59 ----A---- C:\Windows\system32\L2SecHC.dll
2008-09-04 13:20:58 ----A---- C:\Windows\system32\MigAutoPlay.exe
2008-09-04 13:20:58 ----A---- C:\Windows\system32\dxdiag.exe
2008-09-04 13:20:57 ----A---- C:\Windows\system32\Wpc.dll
2008-09-04 13:20:57 ----A---- C:\Windows\system32\DFDWiz.exe
2008-09-04 13:20:56 ----A---- C:\Windows\system32\wdigest.dll
2008-09-04 13:20:56 ----A---- C:\Windows\system32\setupcl.exe
2008-09-04 13:20:56 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2008-09-04 13:20:55 ----A---- C:\Windows\system32\mprdim.dll
2008-09-04 13:20:55 ----A---- C:\Windows\system32\gpapi.dll
2008-09-04 13:20:54 ----A---- C:\Windows\system32\rtm.dll
2008-09-04 13:20:54 ----A---- C:\Windows\system32\msutb.dll
2008-09-04 13:20:54 ----A---- C:\Windows\system32\devmgr.dll
2008-09-04 13:20:53 ----A---- C:\Windows\system32\scansetting.dll
2008-09-04 13:20:52 ----A---- C:\Windows\system32\wiaservc.dll
2008-09-04 13:20:52 ----A---- C:\Windows\system32\NAPCRYPT.DLL
2008-09-04 13:20:50 ----A---- C:\Windows\system32\msihnd.dll
2008-09-04 13:20:50 ----A---- C:\Windows\system32\ifsutil.dll
2008-09-04 13:20:50 ----A---- C:\Windows\system32\CertEnrollUI.dll
2008-09-04 13:20:49 ----A---- C:\Windows\system32\actxprxy.dll
2008-09-04 13:20:48 ----A---- C:\Windows\system32\wdi.dll
2008-09-04 13:20:48 ----A---- C:\Windows\system32\kdusb.dll
2008-09-04 13:20:48 ----A---- C:\Windows\system32\dimsroam.dll
2008-09-04 13:20:47 ----A---- C:\Windows\system32\wscapi.dll
2008-09-04 13:20:47 ----A---- C:\Windows\system32\mswmdm.dll
2008-09-04 13:20:46 ----A---- C:\Windows\system32\WinFXDocObj.exe
2008-09-04 13:20:46 ----A---- C:\Windows\system32\usbmon.dll
2008-09-04 13:20:46 ----A---- C:\Windows\system32\spoolsv.exe
2008-09-04 13:20:46 ----A---- C:\Windows\system32\imagehlp.dll
2008-09-04 13:20:46 ----A---- C:\Windows\system32\BOOTVID.DLL
2008-09-04 13:20:46 ----A---- C:\Windows\system32\audiodg.exe
2008-09-04 13:20:45 ----A---- C:\Windows\system32\SyncCenter.dll
2008-09-04 13:20:44 ----A---- C:\Windows\system32\wlandlg.dll
2008-09-04 13:20:44 ----A---- C:\Windows\system32\vssadmin.exe
2008-09-04 13:20:44 ----A---- C:\Windows\system32\msls31.dll
2008-09-04 13:20:43 ----A---- C:\Windows\system32\uudf.dll
2008-09-04 13:20:43 ----A---- C:\Windows\system32\regapi.dll
2008-09-04 13:20:43 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2008-09-04 13:20:43 ----A---- C:\Windows\system32\mycomput.dll
2008-09-04 13:20:41 ----A---- C:\Windows\system32\scecli.dll
2008-09-04 13:20:40 ----A---- C:\Windows\system32\newdev.dll
2008-09-04 13:20:40 ----A---- C:\Windows\system32\mspaint.exe
2008-09-04 13:20:39 ----A---- C:\Windows\system32\SCardSvr.dll
2008-09-04 13:20:38 ----A---- C:\Windows\system32\kdcom.dll
2008-09-04 13:20:37 ----A---- C:\Windows\system32\sud.dll
2008-09-04 13:20:37 ----A---- C:\Windows\system32\samlib.dll
2008-09-04 13:20:37 ----A---- C:\Windows\system32\puiapi.dll
2008-09-04 13:20:37 ----A---- C:\Windows\system32\mstask.dll
2008-09-04 13:20:36 ----A---- C:\Windows\system32\termmgr.dll
2008-09-04 13:20:35 ----A---- C:\Windows\system32\ssdpsrv.dll
2008-09-04 13:20:35 ----A---- C:\Windows\system32\mtxoci.dll
2008-09-04 13:20:35 ----A---- C:\Windows\system32\duser.dll
2008-09-04 13:20:34 ----A---- C:\Windows\system32\tapisrv.dll
2008-09-04 13:20:34 ----A---- C:\Windows\system32\adtschema.dll
2008-09-04 13:20:33 ----A---- C:\Windows\system32\cic.dll
2008-09-04 13:20:32 ----A---- C:\Windows\system32\inetpp.dll
2008-09-04 13:20:31 ----A---- C:\Windows\system32\Robocopy.exe
2008-09-04 13:20:31 ----A---- C:\Windows\system32\input.dll
2008-09-04 13:20:30 ----A---- C:\Windows\system32\SLUINotify.dll
2008-09-04 13:20:30 ----A---- C:\Windows\system32\AzSqlExt.dll
2008-09-04 13:20:28 ----A---- C:\Windows\system32\iasads.dll
2008-09-04 13:20:27 ----A---- C:\Windows\system32\wisptis.exe
2008-09-04 13:20:26 ----A---- C:\Windows\system32\cscapi.dll
2008-09-04 13:20:25 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-09-04 13:20:25 ----A---- C:\Windows\system32\netiohlp.dll
2008-09-04 13:20:25 ----A---- C:\Windows\system32\authz.dll
2008-09-04 13:20:24 ----A---- C:\Windows\system32\WUDFPlatform.dll
2008-09-04 13:20:24 ----A---- C:\Windows\system32\webcheck.dll
2008-09-04 13:20:24 ----A---- C:\Windows\system32\verifier.exe
2008-09-04 13:20:24 ----A---- C:\Windows\system32\sdshext.dll
2008-09-04 13:20:24 ----A---- C:\Windows\system32\msdtclog.dll
2008-09-04 13:20:24 ----A---- C:\Windows\system32\msdt.exe
2008-09-04 13:20:23 ----A---- C:\Windows\system32\wpcsvc.dll
2008-09-04 13:20:23 ----A---- C:\Windows\system32\themeui.dll
2008-09-04 13:20:23 ----A---- C:\Windows\system32\slcinst.dll
2008-09-04 13:20:23 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-09-04 13:20:23 ----A---- C:\Windows\system32\d3d8.dll
2008-09-04 13:20:23 ----A---- C:\Windows\system32\cmdial32.dll
2008-09-04 13:20:22 ----A---- C:\Windows\system32\wintrust.dll
2008-09-04 13:20:22 ----A---- C:\Windows\system32\oledlg.dll
2008-09-04 13:20:22 ----A---- C:\Windows\system32\dxtmsft.dll
2008-09-04 13:20:21 ----A---- C:\Windows\system32\vdsldr.exe
2008-09-04 13:20:21 ----A---- C:\Windows\system32\clfsw32.dll
2008-09-04 13:20:20 ----A---- C:\Windows\system32\ntmarta.dll
2008-09-04 13:20:20 ----A---- C:\Windows\system32\mmcbase.dll
2008-09-04 13:20:19 ----A---- C:\Windows\system32\wpccpl.dll
2008-09-04 13:20:19 ----A---- C:\Windows\system32\SndVol.exe
2008-09-04 13:20:19 ----A---- C:\Windows\system32\rasgcw.dll
2008-09-04 13:20:19 ----A---- C:\Windows\system32\icardie.dll
2008-09-04 13:20:18 ----A---- C:\Windows\system32\WMPhoto.dll
2008-09-04 13:20:18 ----A---- C:\Windows\system32\pnpsetup.dll
2008-09-04 13:20:18 ----A---- C:\Windows\system32\icfupgd.dll
2008-09-04 13:20:17 ----A---- C:\Windows\system32\SnippingTool.exe
2008-09-04 13:20:17 ----A---- C:\Windows\system32\ncobjapi.dll
2008-09-04 13:20:17 ----A---- C:\Windows\system32\msaatext.dll
2008-09-04 13:20:17 ----A---- C:\Windows\system32\mlang.dll
2008-09-04 13:20:16 ----A---- C:\Windows\system32\rasqec.dll
2008-09-04 13:20:16 ----A---- C:\Windows\system32\msrd3x40.dll
2008-09-04 13:20:16 ----A---- C:\Windows\system32\mpr.dll
2008-09-04 13:20:15 ----A---- C:\Windows\system32\diskraid.exe
2008-09-04 13:20:13 ----A---- C:\Windows\system32\wpd_ci.dll
2008-09-04 13:20:13 ----A---- C:\Windows\system32\nslookup.exe
2008-09-04 13:20:12 ----A---- C:\Windows\system32\slmgr.vbs
2008-09-04 13:20:12 ----A---- C:\Windows\system32\accessibilitycpl.dll
2008-09-04 13:20:11 ----A---- C:\Windows\system32\wtsapi32.dll
2008-09-04 13:20:11 ----A---- C:\Windows\system32\unlodctr.exe
2008-09-04 13:20:11 ----A---- C:\Windows\system32\syssetup.dll
2008-09-04 13:20:11 ----A---- C:\Windows\system32\lodctr.exe
2008-09-04 13:20:11 ----A---- C:\Windows\system32\extmgr.dll
2008-09-04 13:20:10 ----A---- C:\Windows\system32\mscms.dll
2008-09-04 13:20:09 ----A---- C:\Windows\system32\sethc.exe
2008-09-04 13:20:09 ----A---- C:\Windows\system32\pnpui.dll
2008-09-04 13:20:09 ----A---- C:\Windows\system32\iaspolcy.dll
2008-09-04 13:20:08 ----A---- C:\Windows\system32\ulib.dll
2008-09-04 13:20:08 ----A---- C:\Windows\system32\fontsub.dll
2008-09-04 13:20:08 ----A---- C:\Windows\system32\dxdiagn.dll
2008-09-04 13:20:08 ----A---- C:\Windows\system32\cabinet.dll
2008-09-04 13:20:07 ----A---- C:\Windows\system32\oobefldr.dll
2008-09-04 13:20:07 ----A---- C:\Windows\system32\Mcx2Svc.dll
2008-09-04 13:20:06 ----A---- C:\Windows\system32\Utilman.exe
2008-09-04 13:20:05 ----A---- C:\Windows\system32\trkwks.dll
2008-09-04 13:20:04 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2008-09-04 13:20:04 ----A---- C:\Windows\system32\scesrv.dll
2008-09-04 13:20:04 ----A---- C:\Windows\system32\lnkstub.exe
2008-09-04 13:20:03 ----A---- C:\Windows\system32\unattend.dll
2008-09-04 13:20:03 ----A---- C:\Windows\system32\occache.dll
2008-09-04 13:20:02 ----A---- C:\Windows\system32\ogldrv.dll
2008-09-04 13:20:01 ----A---- C:\Windows\system32\cabview.dll
2008-09-04 13:20:00 ----A---- C:\Windows\system32\wermgr.exe
2008-09-04 13:19:59 ----A---- C:\Windows\system32\dfdts.dll
2008-09-04 13:19:57 ----A---- C:\Windows\system32\bthci.dll
2008-09-04 13:19:56 ----A---- C:\Windows\system32\wpcao.dll
2008-09-04 13:19:55 ----A---- C:\Windows\system32\eappgnui.dll
2008-09-04 13:19:54 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2008-09-04 13:19:54 ----A---- C:\Windows\system32\p2pcollab.dll
2008-09-04 13:19:54 ----A---- C:\Windows\system32\msnetobj.dll
2008-09-04 13:19:54 ----A---- C:\Windows\system32\iepeers.dll
2008-09-04 13:19:53 ----A---- C:\Windows\system32\ieaksie.dll
2008-09-04 13:19:53 ----A---- C:\Windows\system32\drvinst.exe
2008-09-04 13:19:53 ----A---- C:\Windows\system32\DHCPQEC.DLL
2008-09-04 13:19:53 ----A---- C:\Windows\system32\basesrv.dll
2008-09-04 13:19:52 ----A---- C:\Windows\system32\dispdiag.exe
2008-09-04 13:19:51 ----A---- C:\Windows\system32\mmcss.dll
2008-09-04 13:19:51 ----A---- C:\Windows\system32\dsquery.dll
2008-09-04 13:19:50 ----A---- C:\Windows\system32\verifier.dll
2008-09-04 13:19:50 ----A---- C:\Windows\system32\RstrtMgr.dll
2008-09-04 13:19:50 ----A---- C:\Windows\system32\efsadu.dll
2008-09-04 13:19:49 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2008-09-04 13:19:49 ----A---- C:\Windows\system32\secproc_ssp.dll
2008-09-04 13:19:49 ----A---- C:\Windows\system32\mprapi.dll
2008-09-04 13:19:46 ----A---- C:\Windows\system32\qedit.dll
2008-09-04 13:19:45 ----A---- C:\Windows\system32\WMVENCOD.DLL
2008-09-04 13:19:45 ----A---- C:\Windows\system32\wercplsupport.dll
2008-09-04 13:19:43 ----A---- C:\Windows\system32\WPDSp.dll
2008-09-04 13:19:42 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2008-09-04 13:19:42 ----A---- C:\Windows\system32\setupugc.exe
2008-09-04 13:19:42 ----A---- C:\Windows\system32\networkmap.dll
2008-09-04 13:19:42 ----A---- C:\Windows\system32\msoeacct.dll
2008-09-04 13:19:42 ----A---- C:\Windows\system32\icacls.exe
2008-09-04 13:19:42 ----A---- C:\Windows\system32\d3d10core.dll
2008-09-04 13:19:41 ----A---- C:\Windows\system32\iscsiexe.dll
2008-09-04 13:19:41 ----A---- C:\Windows\system32\consent.exe
2008-09-04 13:19:40 ----A---- C:\Windows\system32\wiascanprofiles.dll
2008-09-04 13:19:40 ----A---- C:\Windows\system32\pnrpnsp.dll
2008-09-04 13:19:39 ----A---- C:\Windows\system32\wiaaut.dll
2008-09-04 13:19:39 ----A---- C:\Windows\system32\QSVRMGMT.DLL
2008-09-04 13:19:39 ----A---- C:\Windows\system32\pngfilt.dll
2008-09-04 13:19:39 ----A---- C:\Windows\system32\p2pnetsh.dll
2008-09-04 13:19:38 ----A---- C:\Windows\system32\msdmo.dll
2008-09-04 13:19:36 ----A---- C:\Windows\system32\usercpl.dll
2008-09-04 13:19:35 ----A---- C:\Windows\system32\msrdc.dll
2008-09-04 13:19:35 ----A---- C:\Windows\system32\conime.exe
2008-09-04 13:19:34 ----A---- C:\Windows\system32\xactsrv.dll
2008-09-04 13:19:34 ----A---- C:\Windows\system32\PNPXAssocPrx.dll
2008-09-04 13:19:34 ----A---- C:\Windows\system32\PNPXAssoc.dll
2008-09-04 13:19:34 ----A---- C:\Windows\system32\lsass.exe
2008-09-04 13:19:34 ----A---- C:\Windows\system32\autoplay.dll
2008-09-04 13:19:31 ----A---- C:\Windows\system32\drmmgrtn.dll
2008-09-04 13:19:30 ----A---- C:\Windows\system32\eappprxy.dll
2008-09-04 13:19:29 ----A---- C:\Windows\system32\pcadm.dll
2008-09-04 13:19:29 ----A---- C:\Windows\system32\lpk.dll
2008-09-04 13:19:29 ----A---- C:\Windows\system32\dpapimig.exe
2008-09-04 13:19:28 ----A---- C:\Windows\system32\systeminfo.exe
2008-09-04 13:19:28 ----A---- C:\Windows\system32\findstr.exe
2008-09-04 13:19:27 ----A---- C:\Windows\system32\netcfg.exe
2008-09-04 13:19:26 ----A---- C:\Windows\system32\msrating.dll
2008-09-04 13:19:25 ----A---- C:\Windows\system32\xwizards.dll
2008-09-04 13:19:25 ----A---- C:\Windows\system32\mfplat.dll
2008-09-04 13:19:24 ----A---- C:\Windows\system32\cmdl32.exe
2008-09-04 13:19:23 ----A---- C:\Windows\system32\resutils.dll
2008-09-04 13:19:23 ----A---- C:\Windows\system32\DWWIN.EXE
2008-09-04 13:19:21 ----A---- C:\Windows\system32\alg.exe
2008-09-04 13:19:19 ----A---- C:\Windows\system32\dssec.dll
2008-09-04 13:19:19 ----A---- C:\Windows\system32\dfrgifc.exe
2008-09-04 13:19:18 ----A---- C:\Windows\system32\dot3ui.dll
2008-09-04 13:19:18 ----A---- C:\Windows\system32\dbnetlib.dll
2008-09-04 13:19:17 ----A---- C:\Windows\system32\netprof.dll
2008-09-04 13:19:17 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2008-09-04 13:19:16 ----A---- C:\Windows\system32\powercpl.dll
2008-09-04 13:19:15 ----A---- C:\Windows\system32\odbc32.dll
2008-09-04 13:19:15 ----A---- C:\Windows\regedit.exe
2008-09-04 13:19:12 ----A---- C:\Windows\system32\nshhttp.dll
2008-09-04 13:19:12 ----A---- C:\Windows\system32\imm32.dll
2008-09-04 13:19:12 ----A---- C:\Windows\system32\btpanui.dll
2008-09-04 13:19:11 ----A---- C:\Windows\system32\apircl.dll
2008-09-04 13:19:10 ----A---- C:\Windows\system32\feclient.dll
2008-09-04 13:19:09 ----A---- C:\Windows\system32\txflog.dll
2008-09-04 13:19:07 ----A---- C:\Windows\system32\taskkill.exe
2008-09-04 13:19:07 ----A---- C:\Windows\system32\iexpress.exe
2008-09-04 13:19:06 ----A---- C:\Windows\system32\tbssvc.dll
2008-09-04 13:19:06 ----A---- C:\Windows\system32\dxva2.dll
2008-09-04 13:19:06 ----A---- C:\Windows\system32\dwmapi.dll
2008-09-04 13:19:05 ----A---- C:\Windows\system32\bcdprov.dll
2008-09-04 13:19:04 ----A---- C:\Windows\system32\msieftp.dll
2008-09-04 13:19:03 ----A---- C:\Windows\system32\d3d10.dll
2008-09-04 13:19:03 ----A---- C:\Windows\system32\ActionQueue.dll
2008-09-04 13:19:02 ----A---- C:\Windows\system32\svchost.exe
2008-09-04 13:19:02 ----A---- C:\Windows\system32\RASMM.dll
2008-09-04 13:19:02 ----A---- C:\Windows\system32\provthrd.dll
2008-09-04 13:19:02 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2008-09-04 13:19:01 ----A---- C:\Windows\system32\syncui.dll
2008-09-04 13:19:01 ----A---- C:\Windows\system32\slwmi.dll
2008-09-04 13:19:01 ----A---- C:\Windows\system32\shwebsvc.dll
2008-09-04 13:19:01 ----A---- C:\Windows\system32\EAPQEC.DLL
2008-09-04 13:19:01 ----A---- C:\Windows\system32\dmocx.dll
2008-09-04 13:19:00 ----A---- C:\Windows\system32\SLCExt.dll
2008-09-04 13:19:00 ----A---- C:\Windows\system32\slcc.dll
2008-09-04 13:19:00 ----A---- C:\Windows\system32\admwprox.dll
2008-09-04 13:18:58 ----A---- C:\Windows\system32\networkexplorer.dll
2008-09-04 13:18:58 ----A---- C:\Windows\system32\aclui.dll
2008-09-04 13:18:57 ----A---- C:\Windows\system32\WMASF.DLL
2008-09-04 13:18:57 ----A---- C:\Windows\system32\raserver.exe
2008-09-04 13:18:57 ----A---- C:\Windows\system32\PnPUnattend.exe
2008-09-04 13:18:57 ----A---- C:\Windows\system32\olepro32.dll
2008-09-04 13:18:57 ----A---- C:\Windows\system32\dnscacheugc.exe
2008-09-04 13:18:57 ----A---- C:\Windows\system32\connect.dll
2008-09-04 13:18:56 ----A---- C:\Windows\system32\xcopy.exe
2008-09-04 13:18:56 ----A---- C:\Windows\system32\uxsms.dll
2008-09-04 13:18:56 ----A---- C:\Windows\system32\UIHub.dll
2008-09-04 13:18:56 ----A---- C:\Windows\system32\taskmgr.exe
2008-09-04 13:18:56 ----A---- C:\Windows\system32\ias.dll
2008-09-04 13:18:56 ----A---- C:\Windows\system32\brcplsdw.dll
2008-09-04 13:18:56 ----A---- C:\Windows\system32\audiodev.dll
2008-09-04 13:18:55 ----A---- C:\Windows\system32\upnp.dll
2008-09-04 13:18:55 ----A---- C:\Windows\system32\reg.exe
2008-09-04 13:18:55 ----A---- C:\Windows\system32\QCLIPROV.DLL
2008-09-04 13:18:55 ----A---- C:\Windows\system32\icsfiltr.dll
2008-09-04 13:18:55 ----A---- C:\Windows\system32\appinfo.dll
2008-09-04 13:18:54 ----A---- C:\Windows\system32\msoert2.dll
2008-09-04 13:18:54 ----A---- C:\Windows\system32\cmstp.exe
2008-09-04 13:18:54 ----A---- C:\Windows\system32\atl.dll
2008-09-04 13:18:53 ----A---- C:\Windows\system32\NapiNSP.dll
2008-09-04 13:18:53 ----A---- C:\Windows\system32\mmcshext.dll
2008-09-04 13:18:52 ----A---- C:\Windows\system32\mountvol.exe
2008-09-04 13:18:51 ----A---- C:\Windows\system32\msjetoledb40.dll
2008-09-04 13:18:51 ----A---- C:\Windows\system32\browser.dll
2008-09-04 13:18:50 ----A---- C:\Windows\system32\wlanext.exe
2008-09-04 13:18:50 ----A---- C:\Windows\system32\perfts.dll
2008-09-04 13:18:49 ----A---- C:\Windows\system32\certprop.dll
2008-09-04 13:18:49 ----A---- C:\Windows\system32\AuxiliaryDisplayApi.dll
2008-09-04 13:18:48 ----A---- C:\Windows\system32\dskquoui.dll
2008-09-04 13:18:47 ----A---- C:\Windows\system32\wmpdxm.dll
2008-09-04 13:18:47 ----A---- C:\Windows\system32\netplwiz.dll
2008-09-04 13:18:46 ----A---- C:\Windows\system32\inetmib1.dll
2008-09-04 13:18:44 ----A---- C:\Windows\system32\PING.EXE
2008-09-04 13:18:44 ----A---- C:\Windows\system32\cewmdm.dll
2008-09-04 13:18:43 ----A---- C:\Windows\system32\WMVXENCD.DLL
2008-09-04 13:18:43 ----A---- C:\Windows\system32\bitsadmin.exe
2008-09-04 13:18:42 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2008-09-04 13:18:42 ----A---- C:\Windows\system32\ieakeng.dll
2008-09-04 13:18:42 ----A---- C:\Windows\system32\httpapi.dll
2008-09-04 13:18:41 ----A---- C:\Windows\system32\SoundRecorder.exe
2008-09-04 13:18:41 ----A---- C:\Windows\system32\qcap.dll
2008-09-04 13:18:41 ----A---- C:\Windows\system32\qasf.dll
2008-09-04 13:18:40 ----A---- C:\Windows\system32\dsuiext.dll
2008-09-04 13:18:40 ----A---- C:\Windows\system32\dmusic.dll
2008-09-04 13:18:39 ----A---- C:\Windows\system32\rekeywiz.exe
2008-09-04 13:18:38 ----A---- C:\Windows\system32\adsmsext.dll
2008-09-04 13:18:37 ----A---- C:\Windows\system32\WUDFSvc.dll
2008-09-04 13:18:37 ----A---- C:\Windows\system32\auditpol.exe
2008-09-04 13:18:36 ----A---- C:\Windows\system32\mscandui.dll
2008-09-04 13:18:35 ----A---- C:\Windows\system32\wmpsrcwp.dll
2008-09-04 13:18:35 ----A---- C:\Windows\system32\SecEdit.exe
2008-09-04 13:18:35 ----A---- C:\Windows\system32\mtstocom.exe
2008-09-04 13:18:34 ----A---- C:\Windows\system32\Sens.dll
2008-09-04 13:18:34 ----A---- C:\Windows\system32\lsmproxy.dll
2008-09-04 13:18:33 ----A---- C:\Windows\system32\WMVSENCD.DLL
2008-09-04 13:18:33 ----A---- C:\Windows\system32\makecab.exe
2008-09-04 13:18:32 ----A---- C:\Windows\system32\batt.dll
2008-09-04 13:18:31 ----A---- C:\Windows\system32\shimgvw.dll
2008-09-04 13:18:31 ----A---- C:\Windows\system32\dot3gpclnt.dll
2008-09-04 13:18:30 ----A---- C:\Windows\system32\xwtpw32.dll
2008-09-04 13:18:30 ----A---- C:\Windows\system32\sbeio.dll
2008-09-04 13:18:29 ----A---- C:\Windows\system32\seclogon.dll
2008-09-04 13:18:29 ----A---- C:\Windows\system32\printcom.dll
2008-09-04 13:18:29 ----A---- C:\Windows\system32\ndfapi.dll
2008-09-04 13:18:28 ----A---- C:\Windows\system32\sppnp.dll
2008-09-04 13:18:27 ----A---- C:\Windows\system32\wzcdlg.dll
2008-09-04 13:18:27 ----A---- C:\Windows\system32\wiashext.dll
2008-09-04 13:18:27 ----A---- C:\Windows\system32\wiadefui.dll
2008-09-04 13:18:27 ----A---- C:\Windows\system32\msdadiag.dll
2008-09-04 13:18:27 ----A---- C:\Windows\system32\dxtrans.dll
2008-09-04 13:18:27 ----A---- C:\Windows\system32\apss.dll
2008-09-04 13:18:26 ----A---- C:\Windows\system32\wscmisetup.dll
2008-09-04 13:18:26 ----A---- C:\Windows\system32\msorcl32.dll
2008-09-04 13:18:25 ----A---- C:\Windows\system32\shacct.dll
2008-09-04 13:18:23 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2008-09-04 13:18:23 ----A---- C:\Windows\system32\userinit.exe
2008-09-04 13:18:23 ----A---- C:\Windows\system32\p2phost.exe
2008-09-04 13:18:23 ----A---- C:\Windows\system32\napipsec.dll
2008-09-04 13:18:22 ----A---- C:\Windows\system32\wpdwcn.dll
2008-09-04 13:18:22 ----A---- C:\Windows\system32\sxstrace.exe
2008-09-04 13:18:22 ----A---- C:\Windows\system32\perfmon.exe
2008-09-04 13:18:21 ----A---- C:\Windows\system32\rrinstaller.exe
2008-09-04 13:18:21 ----A---- C:\Windows\system32\keymgr.dll
2008-09-04 13:18:21 ----A---- C:\Windows\system32\HelpPaneProxy.dll
2008-09-04 13:18:20 ----A---- C:\Windows\system32\winrshost.exe
2008-09-04 13:18:20 ----A---- C:\Windows\system32\tasklist.exe
2008-09-04 13:18:20 ----A---- C:\Windows\system32\ktmutil.exe
2008-09-04 13:18:20 ----A---- C:\Windows\system32\csrsrv.dll
2008-09-04 13:18:18 ----A---- C:\Windows\system32\TapiMigPlugin.dll
2008-09-04 13:18:18 ----A---- C:\Windows\system32\prntvpt.dll
2008-09-04 13:18:18 ----A---- C:\Windows\system32\ftp.exe
2008-09-04 13:18:17 ----A---- C:\Windows\system32\notepad.exe
2008-09-04 13:18:17 ----A---- C:\Windows\system32\MP4SDECD.DLL
2008-09-04 13:18:17 ----A---- C:\Windows\system32\fmifs.dll
2008-09-04 13:18:17 ----A---- C:\Windows\system32\colorui.dll
2008-09-04 13:18:17 ----A---- C:\Windows\notepad.exe
2008-09-04 13:18:16 ----A---- C:\Windows\system32\d3dim700.dll
2008-09-04 13:18:14 ----A---- C:\Windows\system32\UIAutomationCore.dll
2008-09-04 13:18:14 ----A---- C:\Windows\system32\netiougc.exe
2008-09-04 13:18:14 ----A---- C:\Windows\system32\msiexec.exe
2008-09-04 13:18:13 ----A---- C:\Windows\system32\wscproxystub.dll
2008-09-04 13:18:13 ----A---- C:\Windows\system32\driverquery.exe
2008-09-04 13:18:13 ----A---- C:\Windows\system32\cryptdll.dll
2008-09-04 13:18:12 ----A---- C:\Windows\system32\winethc.dll
2008-09-04 13:18:12 ----A---- C:\Windows\system32\mfps.dll
2008-09-04 13:18:11 ----A---- C:\Windows\system32\PnPutil.exe
2008-09-04 13:18:11 ----A---- C:\Windows\system32\pcasvc.dll
2008-09-04 13:18:11 ----A---- C:\Windows\system32\nshipsec.dll
2008-09-04 13:18:11 ----A---- C:\Windows\system32\msimtf.dll
2008-09-04 13:18:10 ----A---- C:\Windows\system32\takeown.exe
2008-09-04 13:18:09 ----A---- C:\Windows\system32\txfw32.dll
2008-09-04 13:18:08 ----A---- C:\Windows\system32\logagent.exe
2008-09-04 13:18:08 ----A---- C:\Windows\system32\inseng.dll
2008-09-04 13:18:07 ----A---- C:\Windows\system32\wmiprop.dll
2008-09-04 13:18:07 ----A---- C:\Windows\system32\pots.dll
2008-09-04 13:18:06 ----A---- C:\Windows\system32\findnetprinters.dll
2008-09-04 13:18:05 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-09-04 13:18:04 ----A---- C:\Windows\system32\wpdbusenum.dll
2008-09-04 13:18:04 ----A---- C:\Windows\system32\powrprof.dll
2008-09-04 13:18:04 ----A---- C:\Windows\system32\capisp.dll
2008-09-04 13:18:02 ----A---- C:\Windows\system32\rasplap.dll
2008-09-04 13:18:02 ----A---- C:\Windows\system32\mfpmp.exe
2008-09-04 13:18:01 ----A---- C:\Windows\system32\fsutil.exe
2008-09-04 13:18:01 ----A---- C:\Windows\system32\dnshc.dll
2008-09-04 13:17:59 ----A---- C:\Windows\system32\shrpubw.exe
2008-09-04 13:17:59 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2008-09-04 13:17:58 ----A---- C:\Windows\system32\sendmail.dll
2008-09-04 13:17:58 ----A---- C:\Windows\system32\perfnet.dll
2008-09-04 13:17:58 ----A---- C:\Windows\system32\nsisvc.dll
2008-09-04 13:17:58 ----A---- C:\Windows\system32\luainstall.dll
2008-09-04 13:17:57 ----A---- C:\Windows\system32\sfc_os.dll
2008-09-04 13:17:57 ----A---- C:\Windows\system32\olecli32.dll
2008-09-04 13:17:57 ----A---- C:\Windows\system32\imapi.dll
2008-09-04 13:17:56 ----A---- C:\Windows\system32\fdPHost.dll
2008-09-04 13:17:55 ----A---- C:\Windows\system32\WLanHC.dll
2008-09-04 13:17:55 ----A---- C:\Windows\system32\wextract.exe
2008-09-04 13:17:55 ----A---- C:\Windows\system32\TMM.dll
2008-09-04 13:17:55 ----A---- C:\Windows\system32\shgina.dll
2008-09-04 13:17:55 ----A---- C:\Windows\system32\RpcPing.exe
2008-09-04 13:17:55 ----A---- C:\Windows\system32\cmmon32.exe
2008-09-04 13:17:54 ----A---- C:\Windows\system32\rshx32.dll
2008-09-04 13:17:54 ----A---- C:\Windows\system32\ktmw32.dll
2008-09-04 13:17:54 ----A---- C:\Windows\system32\d3dim.dll
2008-09-04 13:17:53 ----A---- C:\Windows\system32\runonce.exe
2008-09-04 13:17:53 ----A---- C:\Windows\system32\compstui.dll
2008-09-04 13:17:52 ----A---- C:\Windows\system32\wiaacmgr.exe
2008-09-04 13:17:52 ----A---- C:\Windows\system32\version.dll
2008-09-04 13:17:51 ----A---- C:\Windows\system32\WMADMOE.DLL
2008-09-04 13:17:51 ----A---- C:\Windows\system32\dimsjob.dll
2008-09-04 13:17:50 ----A---- C:\Windows\system32\getmac.exe
2008-09-04 13:17:50 ----A---- C:\Windows\system32\cmlua.dll
2008-09-04 13:17:49 ----A---- C:\Windows\system32\unregmp2.exe
2008-09-04 13:17:49 ----A---- C:\Windows\system32\UI0Detect.exe
2008-09-04 13:17:49 ----A---- C:\Windows\system32\mdminst.dll
2008-09-04 13:17:48 ----A---- C:\Windows\system32\dsauth.dll
2008-09-04 13:17:47 ----A---- C:\Windows\system32\net.exe
2008-09-04 13:17:47 ----A---- C:\Windows\system32\msvfw32.dll
2008-09-04 13:17:46 ----A---- C:\Windows\system32\w32tm.exe
2008-09-04 13:17:46 ----A---- C:\Windows\system32\MPG4DECD.DLL
2008-09-04 13:17:46 ----A---- C:\Windows\system32\MP43DECD.DLL
2008-09-04 13:17:44 ----A---- C:\Windows\system32\imgutil.dll
2008-09-04 13:17:43 ----A---- C:\Windows\system32\tscupgrd.exe
2008-09-04 13:17:41 ----A---- C:\Windows\system32\wmpshell.dll
2008-09-04 13:17:40 ----A---- C:\Windows\system32\ipconfig.exe
2008-09-04 13:17:40 ----A---- C:\Windows\system32\credui.dll
2008-09-04 13:17:40 ----A---- C:\Windows\system32\ACW.exe
2008-09-04 13:17:39 ----A---- C:\Windows\system32\sdchange.exe
2008-09-04 13:17:37 ----A---- C:\Windows\system32\migisol.dll
2008-09-04 13:17:37 ----A---- C:\Windows\system32\fdeploy.dll
2008-09-04 13:17:36 ----A---- C:\Windows\system32\pnpts.dll
2008-09-04 13:17:35 ----A---- C:\Windows\system32\PortableDeviceWiaCompat.dll
2008-09-04 13:17:35 ----A---- C:\Windows\system32\cmutil.dll
2008-09-04 13:17:34 ----A---- C:\Windows\system32\dispci.dll
2008-09-04 13:17:34 ----A---- C:\Windows\system32\diantz.exe
2008-09-04 13:17:34 ----A---- C:\Windows\system32\comrepl.dll
2008-09-04 13:17:33 ----A---- C:\Windows\system32\sfc.exe
2008-09-04 13:17:31 ----A---- C:\Windows\system32\dinput8.dll
2008-09-04 13:17:29 ----A---- C:\Windows\system32\TSTheme.exe
2008-09-04 13:17:27 ----A---- C:\Windows\system32\ExplorerFrame.dll
2008-09-04 13:17:26 ----A---- C:\Windows\system32\remotepg.dll
2008-09-04 13:17:26 ----A---- C:\Windows\system32\nlaapi.dll
2008-09-04 13:17:25 ----A---- C:\Windows\system32\EncDump.dll
2008-09-04 13:17:24 ----A---- C:\Windows\system32\pdhui.dll
2008-09-04 13:17:24 ----A---- C:\Windows\system32\cfgbkend.dll
2008-09-04 13:17:23 ----A---- C:\Windows\system32\wmidx.dll
2008-09-04 13:17:22 ----A---- C:\Windows\system32\fwcfg.dll
2008-09-04 13:17:22 ----A---- C:\Windows\system32\expand.exe
2008-09-04 13:17:21 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2008-09-04 13:17:21 ----A---- C:\Windows\system32\vdmredir.dll
2008-09-04 13:17:20 ----A---- C:\Windows\system32\softkbd.dll
2008-09-04 13:17:20 ----A---- C:\Windows\system32\colbact.dll
2008-09-04 13:17:19 ----A---- C:\Windows\system32\utildll.dll
2008-09-04 13:17:19 ----A---- C:\Windows\system32\TpmInit.exe
2008-09-04 13:17:19 ----A---- C:\Windows\system32\hlink.dll
2008-09-04 13:17:18 ----A---- C:\Windows\system32\modemui.dll
2008-09-04 13:17:17 ----A---- C:\Windows\system32\McxDriv.dll
2008-09-04 13:17:17 ----A---- C:\Windows\system32\bridgeunattend.exe
2008-09-04 13:17:16 ----A---- C:\Windows\system32\iernonce.dll
2008-09-04 13:17:15 ----A---- C:\Windows\system32\wmvdspa.dll
2008-09-04 13:17:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2008-09-04 13:17:15 ----A---- C:\Windows\system32\amstream.dll
2008-09-04 13:17:14 ----A---- C:\Windows\system32\bootcfg.exe
2008-09-04 13:17:13 ----A---- C:\Windows\system32\sti_ci.dll
2008-09-04 13:17:12 ----A---- C:\Windows\system32\wsnmp32.dll
2008-09-04 13:17:12 ----A---- C:\Windows\system32\rdrleakdiag.exe
2008-09-04 13:17:12 ----A---- C:\Windows\system32\esentutl.exe
2008-09-04 13:17:11 ----A---- C:\Windows\system32\vds_ps.dll
2008-09-04 13:17:10 ----A---- C:\Windows\system32\waitfor.exe
2008-09-04 13:17:10 ----A---- C:\Windows\system32\logman.exe
2008-09-04 13:17:10 ----A---- C:\Windows\system32\iscsium.dll
2008-09-04 13:17:10 ----A---- C:\Windows\system32\cmcfg32.dll
2008-09-04 13:17:10 ----A---- C:\Windows\system32\admparse.dll
2008-09-04 13:17:09 ----A---- C:\Windows\system32\tabcal.exe
2008-09-04 13:17:09 ----A---- C:\Windows\system32\qdv.dll
2008-09-04 13:17:09 ----A---- C:\Windows\system32\dpnet.dll
2008-09-04 13:17:08 ----A---- C:\Windows\system32\osblprov.dll
2008-09-04 13:17:08 ----A---- C:\Windows\system32\odbccp32.dll
2008-09-04 13:17:06 ----A---- C:\Windows\system32\shutdown.exe
2008-09-04 13:17:06 ----A---- C:\Windows\system32\cacls.exe
2008-09-04 13:17:05 ----A---- C:\Windows\system32\WsmCl.dll
2008-09-04 13:17:05 ----A---- C:\Windows\system32\wfapigp.dll
2008-09-04 13:17:04 ----A---- C:\Windows\system32\msdtc.exe
2008-09-04 13:17:04 ----A---- C:\Windows\system32\DpiScaling.exe
2008-09-04 13:17:03 ----A---- C:\Windows\system32\wmpcm.dll
2008-09-04 13:17:03 ----A---- C:\Windows\system32\olesvr32.dll
2008-09-04 13:17:03 ----A---- C:\Windows\system32\dmsynth.dll
2008-09-04 13:17:02 ----A---- C:\Windows\system32\COLORCNV.DLL
2008-09-04 13:17:01 ----A---- C:\Windows\system32\rasauto.dll
2008-09-04 13:17:01 ----A---- C:\Windows\system32\olethk32.dll
2008-09-04 13:17:01 ----A---- C:\Windows\system32\mfvdsp.dll
2008-09-04 13:17:00 ----A---- C:\Windows\system32\wpnpinst.exe
2008-09-04 13:17:00 ----A---- C:\Windows\system32\werdiagcontroller.dll
2008-09-04 13:17:00 ----A---- C:\Windows\system32\iscsiwmi.dll
2008-09-04 13:16:59 ----A---- C:\Windows\system32\mstext40.dll
2008-09-04 13:16:57 ----A---- C:\Windows\system32\wavemsp.dll
2008-09-04 13:16:57 ----A---- C:\Windows\system32\ufat.dll
2008-09-04 13:16:56 ----A---- C:\Windows\system32\SLLUA.exe
2008-09-04 13:16:54 ----A---- C:\Windows\system32\sxproxy.dll
2008-09-04 13:16:54 ----A---- C:\Windows\system32\at.exe
2008-09-04 13:16:53 ----A---- C:\Windows\system32\msctfui.dll
2008-09-04 13:16:52 ----A---- C:\Windows\system32\odbctrac.dll
2008-09-04 13:16:52 ----A---- C:\Windows\system32\networkitemfactory.dll
2008-09-04 13:16:51 ----A---- C:\Windows\system32\rgb9rast.dll
2008-09-04 13:16:50 ----A---- C:\Windows\system32\mshta.exe
2008-09-04 13:16:50 ----A---- C:\Windows\system32\iisreset.exe
2008-09-04 13:16:50 ----A---- C:\Windows\system32\convert.exe
2008-09-04 13:16:49 ----A---- C:\Windows\system32\ucsvc.exe
2008-09-04 13:16:49 ----A---- C:\Windows\system32\RegCtrl.dll
2008-09-04 13:16:49 ----A---- C:\Windows\system32\itss.dll
2008-09-04 13:16:48 ----A---- C:\Windows\system32\xmlprovi.dll
2008-09-04 13:16:47 ----A---- C:\Windows\system32\mobsync.exe
2008-09-04 13:16:47 ----A---- C:\Windows\system32\licmgr10.dll
2008-09-04 13:16:47 ----A---- C:\Windows\system32\csrstub.exe
2008-09-04 13:16:46 ----A---- C:\Windows\system32\bitsigd.dll
2008-09-04 13:16:45 ----A---- C:\Windows\system32\TimeDateMUICallback.dll
2008-09-04 13:16:45 ----A---- C:\Windows\system32\prevhost.exe
2008-09-04 13:16:44 ----A---- C:\Windows\system32\iscsied.dll
2008-09-04 13:16:44 ----A---- C:\Windows\system32\AuthFWGP.dll
2008-09-04 13:16:43 ----A---- C:\Windows\system32\netbtugc.exe
2008-09-04 13:16:43 ----A---- C:\Windows\system32\dskquota.dll
2008-09-04 13:16:41 ----A---- C:\Windows\system32\tbs.dll
2008-09-04 13:16:40 ----A---- C:\Windows\system32\rasdiag.dll
2008-09-04 13:16:40 ----A---- C:\Windows\system32\AtBroker.exe
2008-09-04 13:16:39 ----A---- C:\Windows\system32\cscdll.dll
2008-09-04 13:16:38 ----A---- C:\Windows\system32\unattendedjoin.exe
2008-09-04 13:16:38 ----A---- C:\Windows\system32\setupcln.dll
2008-09-04 13:16:38 ----A---- C:\Windows\system32\ocsetup.exe
2008-09-04 13:16:38 ----A---- C:\Windows\system32\GuidedHelp.dll
2008-09-04 13:16:38 ----A---- C:\Windows\system32\fphc.dll
2008-09-04 13:16:37 ----A---- C:\Windows\system32\dmime.dll
2008-09-04 13:16:36 ----A---- C:\Windows\system32\winnsi.dll
2008-09-04 13:16:36 ----A---- C:\Windows\system32\mydocs.dll
2008-09-04 13:16:36 ----A---- C:\Windows\system32\l2gpstore.dll
2008-09-04 13:16:36 ----A---- C:\Windows\system32\cmpbk32.dll
2008-09-04 13:16:32 ----A---- C:\Windows\system32\regini.exe
2008-09-04 13:16:32 ----A---- C:\Windows\system32\dsdmo.dll
2008-09-04 13:16:31 ----A---- C:\Windows\system32\napdsnap.dll
2008-09-04 13:16:31 ----A---- C:\Windows\system32\dot3dlg.dll
2008-09-04 13:16:31 ----A---- C:\Windows\system32\devenum.dll
2008-09-04 13:16:31 ----A---- C:\Windows\system32\apilogen.dll
2008-09-04 13:16:31 ----A---- C:\Windows\system32\amxread.dll
2008-09-04 13:16:30 ----A---- C:\Windows\system32\odbccr32.dll
2008-09-04 13:16:30 ----A---- C:\Windows\system32\msdart.dll
2008-09-04 13:16:29 ----A---- C:\Windows\system32\usbui.dll
2008-09-04 13:16:29 ----A---- C:\Windows\system32\odbccu32.dll
2008-09-04 13:16:29 ----A---- C:\Windows\system32\msident.dll
2008-09-04 13:16:28 ----A---- C:\Windows\system32\cmstplua.dll
2008-09-04 13:16:26 ----A---- C:\Windows\system32\VIDRESZR.DLL
2008-09-04 13:16:25 ----A---- C:\Windows\system32\RacAgent.exe
2008-09-04 13:16:25 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2008-09-04 13:16:24 ----A---- C:\Windows\system32\wpclsp.dll
2008-09-04 13:16:24 ----A---- C:\Windows\system32\gpupdate.exe
2008-09-04 13:16:23 ----A---- C:\Windows\system32\WINSRPC.DLL
2008-09-04 13:16:23 ----A---- C:\Windows\system32\avrt.dll
2008-09-04 13:16:22 ----A---- C:\Windows\system32\upnpcont.exe
2008-09-04 13:16:22 ----A---- C:\Windows\system32\mtxlegih.dll
2008-09-04 13:16:22 ----A---- C:\Windows\system32\mtxdm.dll
2008-09-04 13:16:21 ----A---- C:\Windows\system32\vss_ps.dll
2008-09-04 13:16:21 ----A---- C:\Windows\system32\nsi.dll
2008-09-04 13:16:20 ----A---- C:\Windows\system32\srwmi.dll
2008-09-04 13:16:20 ----A---- C:\Windows\system32\nbtstat.exe
2008-09-04 13:16:19 ----A---- C:\Windows\system32\mfcsubs.dll
2008-09-04 13:16:19 ----A---- C:\Windows\system32\graftabl.com
2008-09-04 13:16:17 ----A---- C:\Windows\system32\vfwwdm32.dll
2008-09-04 13:16:17 ----A---- C:\Windows\system32\syskey.exe
2008-09-04 13:16:17 ----A---- C:\Windows\system32\rasphone.exe
2008-09-04 13:16:17 ----A---- C:\Windows\system32\netevent.dll
2008-09-04 13:16:16 ----A---- C:\Windows\system32\wsock32.dll
2008-09-04 13:16:16 ----A---- C:\Windows\system32\WavDest.dll
2008-09-04 13:16:16 ----A---- C:\Windows\system32\msexcl40.dll
2008-09-04 13:16:15 ----A---- C:\Windows\system32\wiarpc.dll
2008-09-04 13:16:15 ----A---- C:\Windows\system32\odbcbcp.dll
2008-09-04 13:16:15 ----A---- C:\Windows\system32\ndfetw.dll
2008-09-04 13:16:14 ----A---- C:\Windows\system32\ROUTE.EXE
2008-09-04 13:16:14 ----A---- C:\Windows\system32\extrac32.exe
2008-09-04 13:16:13 ----A---- C:\Windows\system32\procinst.dll
2008-09-04 13:16:13 ----A---- C:\Windows\system32\MP3DMOD.DLL
2008-09-04 13:16:13 ----A---- C:\Windows\system32\eventcls.dll
2008-09-04 13:16:11 ----A---- C:\Windows\system32\csrss.exe
2008-09-04 13:16:10 ----A---- C:\Windows\system32\WindowsAnytimeUpgrade.exe
2008-09-04 13:16:10 ----A---- C:\Windows\system32\d3dxof.dll
2008-09-04 13:16:10 ----A---- C:\Windows\system32\atmfd.dll
2008-09-04 13:16:09 ----A---- C:\Windows\system32\wiadss.dll
2008-09-04 13:16:09 ----A---- C:\Windows\system32\TabbtnEx.dll
2008-09-04 13:16:09 ----A---- C:\Windows\system32\inetppui.dll
2008-09-04 13:16:08 ----A---- C:\Windows\system32\WlanMmHC.dll
2008-09-04 13:16:08 ----A---- C:\Windows\system32\psbase.dll
2008-09-04 13:16:08 ----A---- C:\Windows\system32\dmscript.dll
2008-09-04 13:16:07 ----A---- C:\Windows\system32\Tabbtn.dll
2008-09-04 13:16:06 ----A---- C:\Windows\system32\CertEnrollCtrl.exe
2008-09-04 13:16:04 ----A---- C:\Windows\fveupdate.exe
2008-09-04 13:16:03 ----A---- C:\Windows\system32\msxbde40.dll
2008-09-04 13:16:02 ----A---- C:\Windows\system32\dmloader.dll
2008-09-04 13:15:55 ----A---- C:\Windows\system32\credssp.dll
2008-09-04 13:15:54 ----A---- C:\Windows\system32\Netplwiz.exe
2008-09-04 13:15:54 ----A---- C:\Windows\system32\msltus40.dll
2008-09-04 13:15:53 ----A---- C:\Windows\system32\wshcon.dll
2008-09-04 13:15:51 ----A---- C:\Windows\system32\mspbde40.dll
2008-09-04 13:15:51 ----A---- C:\Windows\system32\icsunattend.exe
2008-09-04 13:15:48 ----A---- C:\Windows\system32\PlaySndSrv.dll
2008-09-04 13:15:47 ----A---- C:\Windows\system32\WsmRes.dll
2008-09-04 13:15:46 ----A---- C:\Windows\system32\HotStartUserAgent.dll
2008-09-04 13:15:45 ----A---- C:\Windows\system32\wship6.dll
2008-09-04 13:15:45 ----A---- C:\Windows\system32\sxsstore.dll
2008-09-04 13:15:44 ----A---- C:\Windows\system32\WSHTCPIP.DLL
2008-09-04 13:15:44 ----A---- C:\Windows\system32\msvidc32.dll
2008-09-04 13:15:44 ----A---- C:\Windows\system32\lltdapi.dll
2008-09-04 13:15:43 ----A---- C:\Windows\system32\localui.dll
2008-09-04 13:15:43 ----A---- C:\Windows\system32\ComputerDefaults.exe
2008-09-04 13:15:42 ----A---- C:\Windows\system32\setupSNK.exe
2008-09-04 13:15:41 ----A---- C:\Windows\system32\LangCleanupSysprepAction.dll
2008-09-04 13:15:41 ----A---- C:\Windows\system32\icaapi.dll
2008-09-04 13:15:40 ----A---- C:\Windows\system32\tcpmon.ini
2008-09-04 13:15:39 ----A---- C:\Windows\system32\slwga.dll
2008-09-04 13:15:39 ----A---- C:\Windows\system32\OptionalFeatures.exe
2008-09-04 13:15:36 ----A---- C:\Windows\system32\sbunattend.exe
2008-09-04 13:15:35 ----A---- C:\Windows\system32\dmutil.dll
2008-09-04 13:15:32 ----A---- C:\Windows\system32\serialui.dll
2008-09-04 13:15:31 ----A---- C:\Windows\system32\usbperf.dll
2008-09-04 13:15:31 ----A---- C:\Windows\system32\spopk.dll
2008-09-04 13:15:30 ----A---- C:\Windows\system32\NcdProp.dll
2008-09-04 13:15:26 ----A---- C:\Windows\system32\cofiredm.dll
2008-09-04 13:15:25 ----A---- C:\Windows\system32\odbcconf.dll
2008-09-04 13:15:22 ----A---- C:\Windows\system32\msfeedssync.exe
2008-09-04 13:15:22 ----A---- C:\Windows\system32\hbaapi.dll
2008-09-04 13:15:17 ----A---- C:\Windows\system32\rasctrs.dll
2008-09-04 13:15:17 ----A---- C:\Windows\system32\msobjs.dll
2008-09-04 13:15:17 ----A---- C:\Windows\system32\ieencode.dll
2008-09-04 13:15:16 ----A---- C:\Windows\system32\corpol.dll
2008-09-04 13:15:13 ----A---- C:\Windows\system32\midimap.dll
2008-09-04 13:15:13 ----A---- C:\Windows\system32\hnetmon.dll
2008-09-04 13:15:11 ----A---- C:\Windows\system32\InfDefaultInstall.exe
2008-09-04 13:15:10 ----A---- C:\Windows\system32\vdmdbg.dll
2008-09-04 13:15:10 ----A---- C:\Windows\system32\esentprf.dll
2008-09-04 13:15:09 ----A---- C:\Windows\system32\url.dll
2008-09-04 13:15:09 ----A---- C:\Windows\system32\nlsbres.dll
2008-09-04 13:15:09 ----A---- C:\Windows\system32\LogonUI.exe
2008-09-04 13:15:09 ----A---- C:\Windows\system32\iprtprio.dll
2008-09-04 13:15:05 ----A---- C:\Windows\system32\sdspres.dll
2008-09-04 13:15:01 ----A---- C:\Windows\system32\osbaseln.dll
2008-09-04 13:15:01 ----A---- C:\Windows\system32\cfgmgr32.dll
2008-09-04 13:14:54 ----A---- C:\Windows\system32\msisip.dll
2008-09-04 13:14:50 ----A---- C:\Windows\system32\msmmsp.dll
2008-09-04 13:14:44 ----A---- C:\Windows\system32\dispex.dll
2008-09-04 13:14:43 ----A---- C:\Windows\system32\winusb.dll
2008-09-04 13:14:42 ----A---- C:\Windows\system32\rdpcfgex.dll
2008-09-04 13:14:31 ----A---- C:\Windows\system32\Nlsdl.dll
2008-09-04 13:14:30 ----A---- C:\Windows\system32\riched32.dll
2008-09-04 13:14:29 ----A---- C:\Windows\system32\spwmp.dll
2008-09-04 13:14:29 ----A---- C:\Windows\system32\msidle.dll
2008-09-04 13:14:29 ----A---- C:\Windows\system32\idndl.dll
2008-09-04 13:14:23 ----A---- C:\Windows\system32\KBDKOR.DLL
2008-09-04 13:14:23 ----A---- C:\Windows\system32\KBDJPN.DLL
2008-09-04 13:14:20 ----A---- C:\Windows\system32\iscsilog.dll
2008-09-04 13:14:17 ----A---- C:\Windows\system32\vga256.dll
2008-09-04 13:14:16 ----A---- C:\Windows\system32\tsddd.dll
2008-09-04 13:14:16 ----A---- C:\Windows\system32\dxmasf.dll
2008-09-04 13:14:15 ----A---- C:\Windows\system32\wmploc.DLL
2008-09-04 13:14:15 ----A---- C:\Windows\system32\framebuf.dll
2008-09-04 13:14:13 ----A---- C:\Windows\system32\vga64k.dll
2008-09-04 13:14:12 ----A---- C:\Windows\system32\vga.dll
2008-09-04 13:14:11 ----A---- C:\Windows\system32\bootstr.dll
2008-09-04 13:14:10 ----A---- C:\Windows\system32\dmdskres2.dll
2008-09-04 13:14:09 ----A---- C:\Windows\system32\spwizres.dll
2008-09-04 13:14:09 ----A---- C:\Windows\system32\f3ahvoas.dll
2008-09-04 13:13:59 ----A---- C:\Windows\system32\gatherWiredInfo.vbs
2008-09-04 13:13:54 ----A---- C:\Windows\system32\gatherWirelessInfo.vbs
2008-09-04 13:13:54 ----A---- C:\Windows\system32\fsmgmt.msc
2008-09-04 13:13:41 ----A---- C:\Windows\system32\perfmon.msc
2008-09-04 13:13:40 ----A---- C:\Windows\system32\vsp1cln.exe
2008-09-04 13:11:30 ----A---- C:\Windows\system32\xmllite.dll
2008-09-04 13:11:26 ----A---- C:\Windows\system32\wbemcomn.dll
2008-09-04 13:11:08 ----A---- C:\Windows\system32\SmiInstaller.dll
2008-09-04 13:11:08 ----A---- C:\Windows\system32\SmiEngine.dll
2008-09-04 13:10:43 ----A---- C:\Windows\system32\wdscore.dll
2008-09-04 13:10:43 ----A---- C:\Windows\system32\PkgMgr.exe
2008-09-04 13:10:08 ----A---- C:\Windows\system32\drvstore.dll
2008-09-04 13:10:07 ----A---- C:\Windows\system32\mspatcha.dll
2008-09-04 13:10:07 ----A---- C:\Windows\system32\msdelta.dll
2008-09-04 13:10:07 ----A---- C:\Windows\system32\dpx.dll
2008-09-04 11:41:54 ----D---- C:\ProgramData\Last.fm
2008-09-04 11:10:20 ----D---- C:\ProgramData\Creative
2008-09-04 11:08:56 ----A---- C:\Windows\system32\wrap_oal.dll
2008-09-04 11:08:56 ----A---- C:\Windows\system32\tmp26C1.tmp
2008-09-04 11:08:55 ----N---- C:\Windows\system32\Sens_oal.dll
2008-09-04 11:08:33 ----N---- C:\Windows\system32\CmdRtr.dll
2008-09-04 11:08:33 ----N---- C:\Windows\system32\APOMngr.dll
2008-09-04 11:01:12 ----D---- C:\Users\Ifan\AppData\Roaming\PCToolsFirewallPlus
2008-09-04 10:19:13 ----D---- C:\Program Files\Common Files\PC Tools
2008-09-04 10:19:08 ----D---- C:\Program Files\PC Tools Firewall Plus
2008-09-04 10:17:59 ----D---- C:\ProgramData\PC Tools
2008-09-04 10:17:59 ----D---- C:\Program Files\ThreatFire
2008-09-04 09:07:46 ----D---- C:\Program Files\Teamspeak2_RC2
2008-09-02 19:43:28 ----HDC---- C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-02 19:19:00 ----D---- C:\inetpub
2008-09-02 18:00:49 ----A---- C:\Windows\system32\infocardapi.dll
2008-09-02 18:00:47 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-09-02 18:00:44 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2008-09-02 18:00:44 ----A---- C:\Windows\system32\icardres.dll
2008-09-02 18:00:44 ----A---- C:\Windows\system32\icardagt.exe
2008-09-02 18:00:40 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2008-09-02 18:00:32 ----A---- C:\Windows\system32\PresentationHost.exe
2008-09-02 17:47:48 ----A---- C:\Windows\system32\dfshim.dll
2008-09-02 17:47:42 ----A---- C:\Windows\system32\mscoree.dll
2008-09-02 17:47:40 ----A---- C:\Windows\system32\netfxperf.dll
2008-09-02 17:47:19 ----A---- C:\Windows\system32\mscorier.dll
2008-09-02 17:47:05 ----A---- C:\Windows\system32\mscories.dll
2008-09-02 17:17:57 ----D---- C:\76dbc37483e8c142b5e2a06cdf17df
2008-09-02 17:17:12 ----RHD---- C:\AHCache
2008-09-02 17:17:05 ----D---- C:\26fe4492d8b48c8f15585646191d00
2008-09-02 14:57:36 ----D---- C:\ProgramData\DriverScanner
2008-09-02 14:55:56 ----HDC---- C:\ProgramData\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
2008-09-02 14:44:02 ----D---- C:\Program Files\Uniblue
2008-09-02 14:17:31 ----D---- C:\Users\Ifan\AppData\Roaming\Uniblue
2008-08-29 10:05:44 ----A---- C:\Windows\system32\RacEngn.dll
2008-08-27 22:03:26 ----A---- C:\Windows\system32\xfcodec.dll
2008-08-27 10:16:09 ----A---- C:\Windows\system32\gameux.dll
2008-08-26 12:11:54 ----A---- C:\Windows\system32\wups2.dll
2008-08-26 12:11:54 ----A---- C:\Windows\system32\wucltux.dll
2008-08-26 12:11:54 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-26 12:11:53 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-26 12:11:27 ----A---- C:\Windows\system32\wups.dll
2008-08-26 12:11:27 ----A---- C:\Windows\system32\wudriver.dll
2008-08-26 12:11:27 ----A---- C:\Windows\system32\wuapi.dll
2008-08-26 12:10:59 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-26 12:10:58 ----A---- C:\Windows\system32\wuapp.exe
2008-08-26 11:42:26 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-08-26 11:42:26 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-08-26 11:42:25 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-08-26 11:42:25 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-08-26 11:42:25 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-08-26 11:42:25 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-08-26 11:42:25 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-08-26 11:42:24 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-08-26 11:42:23 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-08-26 11:42:23 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-08-26 11:42:22 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-08-26 11:42:22 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-08-26 11:42:22 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-08-26 11:42:21 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-08-26 11:42:21 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-08-26 11:42:21 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-08-26 11:42:20 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-08-26 11:42:20 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-08-26 11:42:20 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-08-26 11:42:19 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-08-26 11:42:19 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-08-26 11:42:19 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-08-26 11:42:18 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-08-26 11:42:18 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-08-26 11:42:18 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-08-26 11:42:18 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-08-26 11:42:18 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-08-26 11:42:17 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-08-26 11:42:17 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-08-26 11:42:12 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-08-26 11:42:11 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-08-26 11:42:11 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-08-26 11:42:11 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-08-26 11:42:10 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-08-26 11:42:10 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-08-26 11:42:09 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-08-26 11:42:09 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-08-26 11:42:09 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-08-26 11:42:08 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-08-26 11:42:07 ----A---- C:\Windows\system32\NlsData0045.dll
2008-08-26 11:42:06 ----A---- C:\Windows\system32\NlsData0049.dll
2008-08-26 11:42:06 ----A---- C:\Windows\system32\NlsData0047.dll
2008-08-26 11:42:06 ----A---- C:\Windows\system32\NlsData0046.dll
2008-08-26 11:42:05 ----A---- C:\Windows\system32\NlsData0039.dll
2008-08-26 11:42:05 ----A---- C:\Windows\system32\NlsData0022.dll
2008-08-26 11:42:05 ----A---- C:\Windows\system32\NlsData0021.dll
2008-08-26 11:42:05 ----A---- C:\Windows\system32\NlsData0020.dll
2008-08-26 11:42:04 ----A---- C:\Windows\system32\NlsData0026.dll
2008-08-26 11:42:04 ----A---- C:\Windows\system32\NlsData0024.dll
2008-08-26 11:42:03 ----A---- C:\Windows\system32\NlsData0027.dll
2008-08-26 11:42:02 ----A---- C:\Windows\system32\NlsData0011.dll
2008-08-26 11:42:02 ----A---- C:\Windows\system32\NlsData0010.dll
2008-08-26 11:42:00 ----A---- C:\Windows\system32\NlsData0019.dll
2008-08-26 11:42:00 ----A---- C:\Windows\system32\NlsData0018.dll
2008-08-26 11:42:00 ----A---- C:\Windows\system32\NlsData0013.dll
2008-08-26 11:42:00 ----A---- C:\Windows\system32\NlsData0001.dll
2008-08-26 11:42:00 ----A---- C:\Windows\system32\NlsData0000.dll
2008-08-26 11:41:59 ----A---- C:\Windows\system32\NlsData0007.dll
2008-08-26 11:41:59 ----A---- C:\Windows\system32\NlsData0003.dll
2008-08-26 11:41:59 ----A---- C:\Windows\system32\NlsData0002.dll
2008-08-26 11:41:58 ----A---- C:\Windows\system32\NlsData004b.dll
2008-08-26 11:41:58 ----A---- C:\Windows\system32\NlsData004a.dll
2008-08-26 11:41:58 ----A---- C:\Windows\system32\NlsData0009.dll
2008-08-26 11:41:57 ----A---- C:\Windows\system32\NlsData004e.dll
2008-08-26 11:41:57 ----A---- C:\Windows\system32\NlsData004c.dll
2008-08-26 11:41:57 ----A---- C:\Windows\system32\NlsData003e.dll
2008-08-26 11:41:56 ----A---- C:\Windows\system32\NlsData002a.dll
2008-08-26 11:41:55 ----A---- C:\Windows\system32\NlsData001b.dll
2008-08-26 11:41:55 ----A---- C:\Windows\system32\NlsData001a.dll
2008-08-26 11:41:54 ----A---- C:\Windows\system32\NlsData001d.dll
2008-08-26 11:41:53 ----A---- C:\Windows\system32\NlsData000d.dll
2008-08-26 11:41:53 ----A---- C:\Windows\system32\NlsData000c.dll
2008-08-26 11:41:53 ----A---- C:\Windows\system32\NlsData000a.dll
2008-08-26 11:41:52 ----A---- C:\Windows\system32\NlsData0416.dll
2008-08-26 11:41:52 ----A---- C:\Windows\system32\NlsData0414.dll
2008-08-26 11:41:52 ----A---- C:\Windows\system32\NlsData000f.dll
2008-08-26 11:41:52 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-08-26 11:41:51 ----A---- C:\Windows\system32\NlsData081a.dll
2008-08-26 11:41:51 ----A---- C:\Windows\system32\NlsData0816.dll
2008-08-26 11:41:50 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-08-26 11:41:50 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-08-25 20:30:51 ----A---- C:\Windows\system32\es.dll
2008-08-25 20:30:06 ----A---- C:\Windows\system32\hcrstco.dll
2008-08-25 20:30:06 ----A---- C:\Windows\system32\hccoin.dll
2008-08-25 20:28:34 ----A---- C:\Windows\system32\wininet.dll
2008-08-25 20:28:34 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-25 20:28:33 ----A---- C:\Windows\system32\ieui.dll
2008-08-25 20:28:33 ----A---- C:\Windows\system32\ieframe.dll
2008-08-25 20:28:32 ----A---- C:\Windows\system32\mshtml.dll
2008-08-25 20:28:30 ----A---- C:\Windows\system32\urlmon.dll
2008-08-25 20:28:30 ----A---- C:\Windows\system32\mstime.dll
2008-08-25 20:26:29 ----A---- C:\Windows\system32\psisdecd.dll
2008-08-25 20:26:29 ----A---- C:\Windows\system32\EncDec.dll
2008-08-25 02:56:43 ----D---- C:\Windows\Panther
2008-08-25 02:56:23 ----A---- C:\Windows\system32\idecoiins.dll
2008-08-25 02:56:23 ----A---- C:\Windows\system32\idecoi.dll
2008-08-25 02:56:22 ----A---- C:\Windows\system32\SilSupp.dll
2008-08-25 02:56:21 ----A---- C:\Windows\system32\nvunrm.exe
2008-08-25 02:56:21 ----A---- C:\Windows\system32\nvconrm.dll
2008-08-25 02:56:21 ----A---- C:\Windows\system32\fdco1ins.dll
2008-08-25 02:56:21 ----A---- C:\Windows\system32\fdco1.dll
2008-08-25 02:55:47 ----A---- C:\Windows\system32\P17res.dll
2008-08-25 02:55:47 ----A---- C:\Windows\system32\nvcod100.dll
2008-08-25 02:55:10 ----A---- C:\Windows\system32\nvcodhins.dll
2008-08-25 02:55:10 ----A---- C:\Windows\system32\nvcodh.dll
2008-08-25 02:55:10 ----A---- C:\Windows\system32\nvcod130.dll
2008-08-25 02:55:09 ----A---- C:\Windows\system32\nvvsvc.exe
2008-08-25 02:55:08 ----A---- C:\Windows\system32\nvsvc.dll
2008-08-25 02:55:08 ----A---- C:\Windows\system32\nvmctray.dll
2008-08-25 02:55:05 ----A---- C:\Windows\system32\nvapi.dll
2008-08-25 02:55:04 ----A---- C:\Windows\system32\nvd3dum.dll
2008-08-25 02:53:55 ----D---- C:\Windows\Debug
2008-08-25 02:36:52 ----HD---- C:\$WINDOWS.~Q
2008-08-25 02:28:13 ----HD---- C:\$INPLACE.~TR
2008-08-25 01:26:39 ----A---- C:\Windows\system32\winipsec.dll
2008-08-25 01:26:39 ----A---- C:\Windows\system32\polstore.dll
2008-08-25 01:26:39 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-25 01:26:39 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-25 01:25:02 ----A---- C:\Windows\system32\shell32.dll
2008-08-25 01:24:18 ----A---- C:\Windows\system32\tzres.dll
2008-08-25 01:20:49 ----A---- C:\Windows\system32\kbd106n.dll
2008-08-25 01:20:47 ----A---- C:\Windows\system32\winresume.exe
2008-08-25 01:20:47 ----A---- C:\Windows\system32\winload.exe
2008-08-25 01:20:47 ----A---- C:\Windows\system32\srdelayed.exe
2008-08-25 01:20:47 ----A---- C:\Windows\system32\srcore.dll
2008-08-25 01:20:47 ----A---- C:\Windows\system32\srclient.dll
2008-08-25 01:20:47 ----A---- C:\Windows\system32\rstrui.exe
2008-08-25 01:20:46 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-08-25 01:20:46 ----A---- C:\Windows\system32\kd1394.dll
2008-08-25 01:20:46 ----A---- C:\Windows\system32\ci.dll
2008-08-25 01:19:47 ----A---- C:\Windows\system32\gdi32.dll
2008-08-25 01:18:07 ----A---- C:\Windows\system32\wshrm.dll
2008-08-25 01:17:32 ----A---- C:\Windows\system32\INETRES.dll
2008-08-25 01:17:32 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-25 01:17:20 ----A---- C:\Windows\system32\quartz.dll
2008-08-24 19:55:24 ----D---- C:\Windows\Minidump
2008-08-24 18:11:26 ----SD---- C:\Users\Ifan\AppData\Roaming\Microsoft
2008-08-24 18:11:26 ----D---- C:\Users\Ifan\AppData\Roaming\Media Center Programs
2008-08-24 18:10:29 ----D---- C:\Windows\system32\URTTEMP
2008-08-24 18:10:20 ----SHD---- C:\Windows\Installer
2008-08-24 18:06:32 ----A---- C:\Windows\system32\nvexpbar.dll
2008-08-24 18:06:32 ----A---- C:\Windows\system32\nvcplui.exe
2008-08-24 17:58:29 ----D---- C:\Windows\Prefetch
2008-08-24 12:54:57 ----A---- C:\Windows\system32\aswBoot.exe
2008-08-13 11:45:07 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-10 12:55:10 ----D---- C:\Program Files\SystemRequirementsLab
2008-08-10 12:55:04 ----D---- C:\Users\Ifan\AppData\Roaming\SystemRequirementsLab
2008-08-04 11:19:42 ----D---- C:\Program Files\iPod
2008-08-01 20:28:57 ----D---- C:\Program Files\Last.fm
2008-07-30 22:36:06 ----D---- C:\ProgramData\FLEXnet
2008-07-26 18:57:50 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-07-26 18:55:08 ----A---- C:\Windows\system32\BASSMOD.dll
2008-07-25 18:00:16 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-07-25 18:00:08 ----D---- C:\Program Files\DAEMON Tools Lite
2008-07-25 17:55:22 ----D---- C:\Users\Ifan\AppData\Roaming\DAEMON Tools
2008-07-25 17:48:56 ----D---- C:\Program Files\EA GAMES
2008-07-18 12:00:40 ----A---- C:\Windows\system32\msonpmon.dll
2008-07-18 11:58:32 ----D---- C:\Program Files\Microsoft Works
2008-07-18 11:56:35 ----D---- C:\Program Files\Microsoft Visual Studio
2008-07-18 11:56:34 ----D---- C:\Program Files\Common Files\DESIGNER
2008-07-18 11:55:12 ----D---- C:\Program Files\Microsoft.NET
2008-07-18 11:51:46 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-07-13 18:16:00 ----A---- C:\Windows\system32\javaws.exe
2008-07-13 18:16:00 ----A---- C:\Windows\system32\javaw.exe
2008-07-13 18:16:00 ----A---- C:\Windows\system32\java.exe
2008-07-13 17:19:23 ----D---- C:\Program Files\Bonjour
2008-06-20 16:50:46 ----D---- C:\Users\Ifan\AppData\Roaming\Samsung
2008-06-20 16:41:39 ----D---- C:\Windows\system32\Samsung_USB_Drivers

List of drivers

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 pctfw2;pctfw2; \??\C:\Windows\System32\drivers\pctfw2.sys [2008-07-28 160792]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 FWAuth;FWAuth Driver; \??\C:\Windows\system32\drivers\FWAuthDriver.sys [2008-08-05 58136]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-16 7465312]
R3 P17;SB Live! 24-bit; C:\Windows\system32\drivers\P17.sys [2007-06-13 1131520]
R3 SFilter;PCTools Driver; C:\Windows\system32\DRIVERS\pctfw.sys [2008-07-17 93952]
R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2008-04-24 33088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-09-11 85969]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 ossrv;Creative OS Services Driver; C:\Windows\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-16 118784]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-08-04 126200]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2008-04-24 66880]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-26 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-31 87288]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-20 132096]
S4 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-20 132096]
S4 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-20 132096]

-----------------EOF-----------------

Txt.file
info.txt logfile of random's system information tool 1.01 2008-09-13 18:22:05

Uninstall list

-->"C:\Program Files\Creative\SBAudigy\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Celestia 1.4.1-->"C:\Program Files\Celestia\unins000.exe"
Chinese Simplified Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003}
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Dual-Core Optimizer-->MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
HijackThis 2.0.2-->"C:\Users\Ifan\Downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Last.fm 1.5.2.38918-->"C:\Program Files\Last.fm\unins000.exe"
LimeWire 4.14.10-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 7 Essentials-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PC Tools Firewall Plus 4.0-->C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rome - Total War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
Spybot - Search & Destroy 1.5.2.20-->"C:\Windows\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
ThreatFire 3.5-->"C:\Program Files\ThreatFire\unins000.exe"
Uniblue DriverScanner 2009-->"C:\ProgramData\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\ProgramData\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}\DriverScanner_Setup.exe
Uniblue SpeedUpMyPC 2009-->"C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (3)\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AV: ThreatFire
AV: avast! antivirus 4.8.1229 [VPS 080913-0]
FW: PC Tools Firewall Plus (disabled)
AS: Spyware Doctor
AS: Spybot - Search and Destroy
AS: Windows Defender
AS: ThreatFire
AS: avast! antivirus 4.8.1229 [VPS 080913-0]

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Qloud\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
Pronitron
Active Member
 
Posts: 4
Joined: September 9th, 2008, 11:45 am
Top

Re: Help Needed In the removal of Win32.Trojan-gen,Win32 etc

Unread postby Shaba » September 13th, 2008, 1:33 pm

Looks good :)

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log and javara log.

If you need a tutorial, see here
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Help Needed In the removal of Win32.Trojan-gen,Win32 etc

Unread postby Shaba » September 18th, 2008, 4:15 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 237 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index