Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

my computer is being redirected. Please Help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

my computer is being redirected. Please Help!

Unread postby ptown » July 29th, 2010, 3:39 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:42 AM, on 7/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [kteaibbv] C:\Documents and Settings\Owner\Local Settings\Application Data\voutgydhj\hnfxikptssd.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adware_ProNET] C:\Program Files\AdwarePro\Adware_Pro.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zp ... b40641.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/a ... Atchmt.ocx
O18 - Protocol: bw+0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {CF81A269-1C02-4C25-B7B7-D8DE8547AFF4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 23173 bytes
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top
Advertisement
Register to Remove

Re: my computer is being redirected. Please Help!

Unread postby km2357 » August 2nd, 2010, 2:29 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.



Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3205
Joined: January 30th, 2007, 2:48 pm
Location: California
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:07 pm

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/30/2004 12:52:15 PM
System Uptime: 8/2/2010 6:22:27 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2192/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 19.413 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1671: 5/5/2010 5:16:06 PM - System Checkpoint
RP1672: 5/6/2010 3:09:03 PM - Software Distribution Service 3.0
RP1673: 5/10/2010 5:07:20 PM - Software Distribution Service 3.0
RP1674: 5/11/2010 4:33:57 PM - Software Distribution Service 3.0
RP1675: 5/13/2010 10:42:47 AM - Software Distribution Service 3.0
RP1676: 5/15/2010 10:55:07 AM - System Checkpoint
RP1677: 5/17/2010 2:47:17 PM - System Checkpoint
RP1678: 5/17/2010 2:56:34 PM - Software Distribution Service 3.0
RP1679: 5/18/2010 6:47:45 PM - System Checkpoint
RP1680: 5/19/2010 7:01:42 PM - System Checkpoint
RP1681: 5/20/2010 11:06:16 AM - Software Distribution Service 3.0
RP1682: 5/21/2010 9:34:32 AM - Installed Microsoft Office Professional 2007 Trial
RP1683: 5/21/2010 9:57:54 AM - Configured Microsoft Office Professional 2007 Trial
RP1684: 5/21/2010 10:05:13 AM - Configured Microsoft Office Professional 2007 Trial
RP1685: 5/21/2010 5:12:01 PM - Configured Microsoft Office Professional 2007 Trial
RP1686: 5/22/2010 1:48:37 PM - Software Distribution Service 3.0
RP1687: 5/22/2010 8:22:21 PM - Software Distribution Service 3.0
RP1688: 5/23/2010 1:30:42 PM - Configured Microsoft Office Professional 2007 Trial
RP1689: 5/24/2010 9:06:19 AM - Software Distribution Service 3.0
RP1690: 5/25/2010 12:34:00 PM - Software Distribution Service 3.0
RP1691: 5/26/2010 1:17:24 PM - System Checkpoint
RP1692: 5/27/2010 10:16:53 AM - Software Distribution Service 3.0
RP1693: 5/28/2010 7:35:55 PM - System Checkpoint
RP1694: 5/29/2010 8:30:51 PM - System Checkpoint
RP1695: 5/31/2010 11:05:26 AM - Software Distribution Service 3.0
RP1696: 6/1/2010 10:35:36 PM - System Checkpoint
RP1697: 6/2/2010 10:43:46 PM - System Checkpoint
RP1698: 6/3/2010 9:45:24 AM - Software Distribution Service 3.0
RP1699: 6/4/2010 5:51:46 PM - Software Distribution Service 3.0
RP1700: 6/8/2010 1:06:16 PM - System Checkpoint
RP1701: 6/9/2010 8:11:55 AM - Software Distribution Service 3.0
RP1702: 6/10/2010 8:51:05 AM - Software Distribution Service 3.0
RP1703: 6/11/2010 10:55:16 AM - System Checkpoint
RP1704: 6/11/2010 12:07:53 PM - Software Distribution Service 3.0
RP1705: 6/11/2010 3:50:05 PM - Configured Microsoft Office Professional 2007 Trial
RP1706: 6/14/2010 12:31:58 PM - Software Distribution Service 3.0
RP1707: 6/16/2010 10:49:53 AM - System Checkpoint
RP1708: 6/17/2010 10:14:47 AM - Software Distribution Service 3.0
RP1709: 6/18/2010 4:12:15 PM - Configured Microsoft Office Professional 2007 Trial
RP1710: 6/19/2010 4:52:49 PM - System Checkpoint
RP1711: 6/21/2010 12:12:10 PM - Software Distribution Service 3.0
RP1712: 6/22/2010 1:18:52 PM - System Checkpoint
RP1713: 6/23/2010 5:33:44 PM - System Checkpoint
RP1714: 6/24/2010 10:56:58 AM - Software Distribution Service 3.0
RP1715: 6/26/2010 10:40:35 AM - System Checkpoint
RP1716: 6/27/2010 10:34:00 PM - System Checkpoint
RP1717: 6/28/2010 5:09:46 PM - Software Distribution Service 3.0
RP1718: 6/29/2010 5:57:34 PM - System Checkpoint
RP1719: 6/30/2010 9:37:22 PM - System Checkpoint
RP1720: 7/1/2010 10:15:14 PM - Software Distribution Service 3.0
RP1721: 7/3/2010 5:35:19 PM - System Checkpoint
RP1722: 7/5/2010 10:39:00 PM - System Checkpoint
RP1723: 7/7/2010 4:09:24 PM - System Checkpoint
RP1724: 7/8/2010 7:59:24 PM - System Checkpoint
RP1725: 7/10/2010 12:18:41 PM - System Checkpoint
RP1726: 7/11/2010 11:56:48 AM - Removed Windows Live ID Sign-in Assistant
RP1727: 7/13/2010 1:18:38 AM - Restore Operation
RP1728: 7/14/2010 1:47:42 PM - System Checkpoint
RP1729: 7/15/2010 10:52:03 AM - Installed HiJackThis
RP1730: 7/16/2010 3:18:51 PM - System Checkpoint
RP1731: 7/18/2010 8:27:22 PM - System Checkpoint
RP1732: 7/20/2010 1:49:43 PM - System Checkpoint
RP1733: 7/24/2010 11:59:16 AM - System Checkpoint
RP1734: 7/28/2010 7:22:00 PM - System Checkpoint
RP1735: 7/31/2010 3:30:22 PM - System Checkpoint
RP1736: 8/2/2010 1:36:30 PM - System Checkpoint

==== Installed Programs ======================


1Click DVD Copy 4.2.9.2
ABBYY FineReader 5.0 Sprint
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Acrobat 5.0
Adobe Audition 1.5
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 10 ActiveX
Ahead Nero - Burning Rom
Ask Toolbar
Audacity 1.2.4
BCM V.92 56K Modem
Bonjour
Britannica Ready Reference
Broadcom 440x 10/100 Integrated Controller
Coupon Printer for Windows
Creative MediaSource
dBpowerAMP Music Converter
dBpoweramp Windows Media Audio 10 Codec
dBpowerAMP Windows Media Audio 9 Codec
Dell AIO Printer A920
Dell ResourceCD
Delta
DNA
DVD Region-Free 3.10
FaxTools
GoToMeeting 4.5.0.457
HiJackThis
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 18
jetAudio
LimeWire 4.18.8
Logitech Desktop Messenger
Logitech IM Video Companion
Logitech Print Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Data Access Components KB870669
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft UI Engine
Microsoft Visual C Runtime
Move Media Player
MPIO Manager 2
MSDNS Service
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuVo Driver
Nero 7
neroxml
Odyssey HiScale Photo
PowerDVD
QuickTime
RealPlayer
Reason 4.0.1
ReCycle v2.1
Rhapsody Player Engine
Samsung PC Studio
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SoundMAX
Spider-Man 2
ThreatFire
TunePlus 1.0.0.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Word 2007 (KB974631)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
ViviCam 10 and 20
VLC media player 0.9.4
WebFldrs XP
WebSearch Tools
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver

==== Event Viewer Messages From Past Week ========

7/27/2010 10:30:56 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/27/2010 10:30:56 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:17 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-03 19:59:39
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwldapow.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF777FA1C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF777FC10]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF777FCB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF777F90C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF777FE52]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF7781B30]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ThreatFire\TFTray.exe[112] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\ThreatFire\TFTray.exe[112] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ThreatFire\TFTray.exe[112] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\ThreatFire\TFTray.exe[112] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[164] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe[172] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[184] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[212] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\ctfmon.exe[212] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:20 pm

.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[532] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[532] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[532] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[532] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[532] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[532] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[532] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[532] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[588] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\winlogon.exe[640] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!OpenProcessToken 77DD796B 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!OpenProcessToken + 5 77DD7970 1 Byte [70]
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [19, 71]
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\winlogon.exe[640] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\winlogon.exe[640] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\services.exe[688] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[688] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\services.exe[688] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[688] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\services.exe[688] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\services.exe[688] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\services.exe[688] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\services.exe[688] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\services.exe[688] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\services.exe[688] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\services.exe[688] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\services.exe[688] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\lsass.exe[700] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[700] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\lsass.exe[700] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[700] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:22 pm

.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D4000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70BF000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7113000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7086000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7089000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7080000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7083000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D7000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E0000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7056000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A1000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7110000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B3000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BC000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70B9000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7050000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7059000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7053000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B6000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7098000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DA000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F5000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E3000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7107000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F8000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FB000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7095000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E6000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70EF000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70E9000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710A000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F2000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FE000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 708F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EC000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7101000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7104000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CB000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CE000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7065000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7068000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7092000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 705F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C5000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7077000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C1, 70]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7071000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7074000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7062000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 7119000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C8000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707A000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [15, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A7000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A4000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B0000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AD000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[856] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[856] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[856] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[856] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[856] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[856] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[856] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[856] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[856] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[856] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[856] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[996] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1032] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1076] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 008F000C
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7065000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7068000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 705F000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7077000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7071000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7074000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7062000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707A000A
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:24 pm

.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\ctfmon.exe[212] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[212] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\ctfmon.exe[212] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\ctfmon.exe[212] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\ctfmon.exe[212] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\ctfmon.exe[212] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\ctfmon.exe[212] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\ctfmon.exe[212] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\ctfmon.exe[212] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\ctfmon.exe[212] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[532] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\lsass.exe[700] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\lsass.exe[700] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\lsass.exe[700] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\lsass.exe[700] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\lsass.exe[700] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\lsass.exe[700] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\lsass.exe[700] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\lsass.exe[700] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AA000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DD000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D1000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[824] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1076] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00BF000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1128] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1128] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1344] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1344] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:26 pm

.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1076] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1076] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00BF000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1076] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1128] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1128] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1332] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1332] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1344] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1344] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1344] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1344] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1412] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\ThreatFire\TFService.exe[1448] kernel32.dll!CreateRemoteThread + 174 7C8105B0 4 Bytes [00, 00, 6F, 71]
.text C:\WINDOWS\system32\wuauclt.exe[1488] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 012F000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0130000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 012E000C
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F7000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E5000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7109000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70FA000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FD000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709D000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E8000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F1000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EB000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710C000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F4000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7100000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7094000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7097000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EE000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7103000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7106000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CD000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70D0000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706D000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7070000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 709A000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7121000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711E000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7067000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7133000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C7000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707F000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C3, 70]
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2C, 71] {SUB AL, 0x71}
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 7130000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7079000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707C000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7157000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 706A000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 715A000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711B000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70CA000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7082000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 712A000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713F000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[1488] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [17, 71]
.text C:\WINDOWS\system32\wuauclt.exe[1488] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7145000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B2000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AF000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7148000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714E000A
.text C:\WINDOWS\system32\wuauclt.exe[1488] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714B000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:30 pm

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1540] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\Explorer.EXE[1580] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\Explorer.EXE[1580] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\Explorer.EXE[1580] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\Explorer.EXE[1580] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\Explorer.EXE[1580] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\Explorer.EXE[1580] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1592] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:31 pm

.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\LEXBCES.EXE[1748] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1788] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1788] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\LEXPPS.EXE[1796] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\M-AudioTaskBarIcon.exe[2036] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:32 pm

.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2204] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\wbem\unsecapp.exe[2356] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:32 pm

.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[2416] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7144000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B1000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AE000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7147000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714D000A
.text C:\Program Files\iPod\bin\iPodService.exe[2416] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [13, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [5E, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7048000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 703F000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7042000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 704B000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7045000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegOpenKeyW 77DD7926 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegOpenKeyW + 5 77DD792B 1 Byte [70]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [B3, 70] {MOV BL, 0x70}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [1C, 71] {SBB AL, 0x71}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!EndTask 7E459E75 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [07, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2672] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 7096000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [23, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3B, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AC000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DF000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7127000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D3000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 7160000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7166000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7163000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7151000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7154000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D6000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7085000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C1000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7064000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7115000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715D000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708E000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7091000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7088000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708B000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710F000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6E, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D9000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E2000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A3000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7139000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705E000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A9000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7112000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B5000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BE000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BB000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7055000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7076000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7073000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A6000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7058000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7061000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7136000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705B000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B8000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7142000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70A0000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DC000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F7000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E5000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7109000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70FA000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FD000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709D000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E8000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F1000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EB000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710C000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F4000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7100000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7094000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7097000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EE000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7103000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7106000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CD000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70D0000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706D000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7070000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 709A000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7121000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711E000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7067000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7133000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C7000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707F000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C3, 70]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2C, 71] {SUB AL, 0x71}
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 7130000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7079000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707C000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7157000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 706A000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 715A000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711B000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70CA000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7082000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 712A000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713F000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [17, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7145000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B2000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AF000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7148000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714E000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714B000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 7052000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2856] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 704F000A
.text C:\WINDOWS\System32\alg.exe[2900] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2900] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [23, 71]
.text C:\WINDOWS\System32\alg.exe[2900] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2900] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3B, 71]
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AC000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DF000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7127000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D3000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 7160000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7166000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7163000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7151000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7154000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D6000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7085000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C1000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7064000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7115000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715D000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708E000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7091000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7088000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708B000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710F000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6E, 71]
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D9000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E2000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A3000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7139000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705E000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A9000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7112000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B5000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BE000A
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:33 pm

.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BB000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7055000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7076000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7073000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A6000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7058000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7061000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7136000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705B000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B8000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7142000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70A0000A
.text C:\WINDOWS\System32\alg.exe[2900] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DC000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7067000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7133000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C7000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707F000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C3, 70]
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2C, 71] {SUB AL, 0x71}
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 7130000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7079000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707C000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7157000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 706A000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 715A000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711B000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70CA000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7082000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 712A000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713F000A
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2900] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [17, 71]
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F7000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E5000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7109000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70FA000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FD000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709D000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E8000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F1000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EB000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710C000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F4000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7100000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7094000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7097000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EE000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7103000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7106000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CD000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70D0000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706D000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7070000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 709A000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7121000A
.text C:\WINDOWS\System32\alg.exe[2900] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711E000A
.text C:\WINDOWS\System32\alg.exe[2900] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7145000A
.text C:\WINDOWS\System32\alg.exe[2900] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B2000A
.text C:\WINDOWS\System32\alg.exe[2900] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AF000A
.text C:\WINDOWS\System32\alg.exe[2900] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7148000A
.text C:\WINDOWS\System32\alg.exe[2900] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714E000A
.text C:\WINDOWS\System32\alg.exe[2900] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714B000A
.text C:\WINDOWS\System32\alg.exe[2900] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 7052000A
.text C:\WINDOWS\System32\alg.exe[2900] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 704F000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [23, 71]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3B, 71]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AC000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DF000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7127000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D3000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 7160000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7166000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7163000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7151000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7154000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D6000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7085000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C1000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7064000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7115000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715D000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708E000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7091000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7088000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708B000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710F000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6E, 71]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D9000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E2000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A3000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7139000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705E000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A9000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7112000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B5000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BE000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BB000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7055000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7076000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7073000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A6000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7058000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7061000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7136000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705B000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B8000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7142000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70A0000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DC000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F7000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E5000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegCreateKeyExW 77DD774C 6 Bytes JMP 7109000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegOpenKeyExA 77DD7832 6 Bytes JMP 70FA000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegOpenKeyW 77DD7926 6 Bytes JMP 70FD000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!OpenProcessToken 77DD796B 6 Bytes JMP 709D000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E8000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegSetValueExW 77DDD663 6 Bytes JMP 70F1000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegQueryValueW 77DDD77A 6 Bytes JMP 70EB000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegCreateKeyExA 77DDE834 6 Bytes JMP 710C000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegSetValueExA 77DDE927 6 Bytes JMP 70F4000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegOpenKeyA 77DDEE08 6 Bytes JMP 7100000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7094000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7097000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegQueryValueA 77DE42F0 6 Bytes JMP 70EE000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegCreateKeyW 77DE45EE 6 Bytes JMP 7103000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegCreateKeyA 77DE4706 6 Bytes JMP 7106000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CD000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!OpenSCManagerA 77DED705 6 Bytes JMP 70D0000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegDeleteKeyW 77DF8886 6 Bytes JMP 706D000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7070000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 709A000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!CreateServiceA 77E370B9 6 Bytes JMP 7121000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] ADVAPI32.DLL!CreateServiceW 77E37251 6 Bytes JMP 711E000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7067000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7133000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C7000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707F000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C3, 70]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2C, 71] {SUB AL, 0x71}
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 7130000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7079000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707C000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7157000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 706A000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 715A000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711B000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70CA000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7082000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 712A000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713F000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [17, 71]
.text C:\Program Files\WinRAR\WinRAR.exe[3252] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7145000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B2000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AF000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7148000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714E000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714B000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 7052000A
.text C:\Program Files\WinRAR\WinRAR.exe[3252] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 704F000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [23, 71]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3B, 71]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AC000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DF000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7127000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D3000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 7160000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7166000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7163000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7151000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7154000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D6000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7085000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C1000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7064000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7115000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715D000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708E000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7091000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7088000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708B000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710F000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6E, 71]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D9000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E2000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A3000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7139000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705E000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A9000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7112000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B5000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BE000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BB000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7055000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7076000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7073000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A6000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7058000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7061000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7136000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705B000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B8000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7142000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70A0000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DC000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F7000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E5000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7109000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70FA000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FD000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709D000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E8000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F1000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EB000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710C000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F4000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7100000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7094000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7097000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EE000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7103000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7106000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CD000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70D0000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706D000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7070000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 709A000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7121000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711E000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7067000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7133000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C7000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707F000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C3, 70]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2C, 71] {SUB AL, 0x71}
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 7130000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7079000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707C000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7157000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 706A000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 715A000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711B000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70CA000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7082000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 712A000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713F000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [17, 71]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] SHELL32.dll!ShellExecuteExW 7CA025D3 6 Bytes JMP 7145000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] SHELL32.dll!Shell_NotifyIcon 7CA218BE 6 Bytes JMP 70B2000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] SHELL32.dll!Shell_NotifyIconW 7CA262A5 6 Bytes JMP 70AF000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] SHELL32.dll!ShellExecuteEx 7CA40E95 6 Bytes JMP 7148000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] SHELL32.dll!ShellExecuteA 7CA411C0 6 Bytes JMP 714E000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] SHELL32.dll!ShellExecuteW 7CAB59D0 6 Bytes JMP 714B000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 7052000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.000\gmer.exe[3364] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 704F000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp TfNetMon.sys (ThreatFire Network Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby ptown » August 3rd, 2010, 11:34 pm

Hey sorry if this was wrong? It would only hold 100000 and this report gave way more then that as you can see.
ptown
Regular Member
 
Posts: 22
Joined: July 15th, 2010, 1:43 pm
Top

Re: my computer is being redirected. Please Help!

Unread postby km2357 » August 4th, 2010, 2:44 pm

ptown wrote:Hey sorry if this was wrong? It would only hold 100000 and this report gave way more then that as you can see.


If you're referring to the GMER Log, you did just fine posting it using multiple posts/replies. :)

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

DNA

LimeWire 4.18.8

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Reboot your computer after you have uninstalled the programs above.

Please run DDS when finished and post the log back here.

Be sure to post DDS.txt, not just Attach.txt like last time.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3205
Joined: January 30th, 2007, 2:48 pm
Location: California
Top
Advertisement
Register to Remove
Next
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 147 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index