GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-03 19:59:39
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwldapow.sys
---- System - GMER 1.0.15 ----
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF777FA1C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF777FC10]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF777FCB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF777F90C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF777FE52]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF7781B30]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ThreatFire\TFTray.exe[112] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\ThreatFire\TFTray.exe[112] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]