Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Some Google redirects, computer runs slow...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 9:32 am

Went up and down the list a few times, could not find a section dedicated to "disk sectors."
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am
Advertisement
Register to Remove

Re: Some Google redirects, computer runs slow...

Unread postby melboy » November 4th, 2010, 5:25 pm

Hi

Post me the full GMER log. If you have to split it into sections and post it in multiple posts please do it. It's the only way I'm going to determine what is the best way to proceed - Thanks.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:16 pm

Ok, here goes.....

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-31 20:52:08
Windows 5.1.2600 Service Pack 3
Running: 27rk1r02.exe; Driver: C:\DOCUME~1\RICKHA~1\LOCALS~1\Temp\uxroqkoc.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xB9EA9AC2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9ED12D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9ED14C8]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xB9EA9CB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xB9EA9D5C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xB9EA99B2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EF3020]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xB9EA9EF8]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xB9EABBD6]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [89, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9E, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [92, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [AA, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A4, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A1, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [95, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A7, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8F, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9B, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [98, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8C, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AA000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DD000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7125000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716A000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00270001
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715E000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7164000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7161000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714F000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7152000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D4000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707D000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BF000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705C000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7113000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715B000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7086000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7089000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7080000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7083000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710D000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6C, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D7000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E0000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709B000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7137000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7056000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A1000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7110000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B3000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BC000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B9000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704D000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706E000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706B000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709E000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7050000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7059000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7134000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7053000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B6000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7140000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7098000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DA000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F5000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E3000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7107000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F8000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FB000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7095000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E6000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70EF000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70E9000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710A000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F2000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FE000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708C000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CB000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CD, 70] {INT 0x70}
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708F000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7101000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70EC000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7104000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7092000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7167000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 711F000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711C000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7155000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7131000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C5000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712E000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C1, 70]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2A, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7158000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7119000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C8000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7128000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713D000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [15, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A7000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A4000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7143000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B0000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AD000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7146000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714C000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 7149000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 030F0001
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7085000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7088000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 707F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7082000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7055000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706D000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706A000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 704F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7058000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7052000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7067000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7064000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7070000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7076000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7073000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7061000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7079000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:22 pm

Part 2...

.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01910001
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[392] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 024F0001
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe[440] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01640001
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:36 pm

Part 3...

.text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[456] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00770001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[468] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01680001
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[472] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044B8D9 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] shell32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] shell32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] shell32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] shell32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] shell32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] shell32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[484] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01000001
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[536] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:40 pm

Part 4...

.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01000001
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[588] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0A9A0001
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[640] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01120001
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[656] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:42 pm

Part 5...

.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01090001
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\ctfmon.exe[684] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\ctfmon.exe[684] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[684] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\ctfmon.exe[684] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\ctfmon.exe[684] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\ctfmon.exe[684] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\ctfmon.exe[684] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\ctfmon.exe[684] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\ctfmon.exe[684] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\ctfmon.exe[684] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\ctfmon.exe[684] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010B0001
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[744] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00ED0001
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:47 pm

Part 6...

.text C:\Program Files\EMACHINES\eMachines Recovery Management\eRecovery\HidChk.exe[784] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[932] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\csrss.exe[932] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03E30001
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006E0001
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[936] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[936] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01290001
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\winlogon.exe[956] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!OpenProcessToken 77DD798B 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!OpenProcessToken + 5 77DD7990 1 Byte [70]
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [25, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\winlogon.exe[956] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [19, 71]
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\winlogon.exe[956] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\winlogon.exe[956] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\winlogon.exe[956] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\winlogon.exe[956] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\winlogon.exe[956] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017E0001
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\services.exe[1004] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\services.exe[1004] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1004] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\services.exe[1004] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\services.exe[1004] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\services.exe[1004] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\services.exe[1004] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\services.exe[1004] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\services.exe[1004] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\services.exe[1004] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\services.exe[1004] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:48 pm

Part 7...

.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01460001
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\lsass.exe[1016] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\lsass.exe[1016] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1016] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\lsass.exe[1016] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\lsass.exe[1016] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\lsass.exe[1016] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\lsass.exe[1016] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\lsass.exe[1016] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\lsass.exe[1016] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\lsass.exe[1016] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\lsass.exe[1016] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01050001
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1088] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FB0001
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[1184] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[1184] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[1184] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[1184] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[1184] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[1184] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1184] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[1184] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:50 pm

Part 8...

.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01360001
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 05053418 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 050533C2 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 050533ED C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] shell32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] shell32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] shell32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] shell32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] shell32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1208] shell32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[1264] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[1264] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[1264] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[1264] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[1264] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[1264] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1264] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[1264] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08540001
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1304] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:51 pm

Part 9...

.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00830001
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\agrsmsvc.exe[1352] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\svchost.exe[1392] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1392] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1392] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\System32\svchost.exe[1392] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F9000A
.text C:\WINDOWS\System32\svchost.exe[1392] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1392] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1392] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1392] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1392] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1392] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F70001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:52 pm

Part 10...

.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BC0001
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1504] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[1532] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1532] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[1532] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[1532] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[1532] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[1532] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[1532] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[1532] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1532] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[1532] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03A60001
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] shell32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] shell32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] shell32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] shell32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] shell32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe[1616] shell32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:54 pm

Part 11...

.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FA0001
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705C000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7056000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704D000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7050000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7059000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7053000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\svchost.exe[1664] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CD, 70] {INT 0x70}
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[1664] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C1, 70]
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[1664] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[1664] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\svchost.exe[1664] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\svchost.exe[1664] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[1664] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[1664] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1664] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\svchost.exe[1664] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [80, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [95, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [89, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [98, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [86, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [92, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [83, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F20001
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1772] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1772] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\spoolsv.exe[1772] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AA000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DD000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D4000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707D000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BF000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705C000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7113000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7086000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7089000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7080000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7083000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710D000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D7000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BC05 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E0000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709B000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7056000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A1000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7110000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B3000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BC000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B9000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704D000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706E000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706B000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709E000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7050000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7059000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7053000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B6000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7098000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DA000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F5000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E3000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7107000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F8000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FB000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7095000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E6000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70EF000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70E9000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710A000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F2000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FE000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708C000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CB000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CD, 70] {INT 0x70}
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708F000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7101000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70EC000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7104000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7092000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C5000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C1, 70]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7119000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C8000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [15, 71]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] shell32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] shell32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B0000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] shell32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AD000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] shell32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] shell32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] shell32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A7000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1920] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A4000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:55 pm

Part 12...

.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AA000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DD000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01600001
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D4000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BF000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7113000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7086000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7089000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7080000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7083000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D7000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E0000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7056000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A1000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7110000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B3000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BC000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B9000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7050000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7059000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7053000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B6000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7098000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DA000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F5000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E3000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7107000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F8000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FB000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7095000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E6000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70EF000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70E9000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710A000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F2000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FE000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CB000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CD, 70] {INT 0x70}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7101000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70EC000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7104000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7092000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C5000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C1, 70]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7119000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C8000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [15, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A7000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A4000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B0000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AD000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1984] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0224000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 6 Bytes JMP 0225000B
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0223000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F5000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7107000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F8000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FB000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7095000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E6000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70EF000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70E9000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F2000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FE000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CB000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CD, 70] {INT 0x70}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7101000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70EC000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7104000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7092000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7167000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 711F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7155000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7131000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C5000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C1, 70]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2A, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7158000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7119000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C8000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7128000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713D000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [15, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7143000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B0000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AD000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7146000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2116] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[2208] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[2208] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2208] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\svchost.exe[2208] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[2208] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[2208] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[2208] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[2208] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[2208] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[2208] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[2208] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FA000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FB000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F9000C
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\system32\wuauclt.exe[2484] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B00000
.text C:\WINDOWS\system32\wuauclt.exe[2484] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AD0000
.text C:\Program Files\Spyware Doctor\TFEngine\TFService.exe[2620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00270001
.text C:\Program Files\Spyware Doctor\TFEngine\TFService.exe[2620] kernel32.dll!CreateRemoteThread + 174 7C810640 4 Bytes [00, 00, 6E, 71]
.text C:\Program Files\Spyware Doctor\TFEngine\TFService.exe[2620] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Spyware Doctor\TFEngine\TFService.exe[2620] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\TFEngine\TFService.exe[2620] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\TFEngine\TFService.exe[2620] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\TFEngine\TFService.exe[2620] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am

Re: Some Google redirects, computer runs slow...

Unread postby rickhavoc » November 4th, 2010, 11:56 pm

Part 13...

.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [81, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [96, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8A, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A2, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9C, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [99, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8D, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9F, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [87, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [93, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [90, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [84, 71]
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AA000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DD000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7125000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716A000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 001B0001
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715E000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7164000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7161000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714F000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7152000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D4000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707D000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BF000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705C000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7113000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715B000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7086000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7089000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7080000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7083000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710D000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6C, 71]
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D7000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E0000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709B000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7137000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7056000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A1000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7110000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B3000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BC000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B9000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704D000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706E000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706B000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709E000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7050000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7059000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7134000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7053000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B6000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7140000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7098000A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DA000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7155000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7131000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C5000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712E000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C1, 70]
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2A, 71]
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7158000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7119000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C8000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7128000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713D000A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [15, 71]
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F5000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E3000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7107000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F8000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FB000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7095000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E6000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70EF000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70E9000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710A000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F2000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FE000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708C000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CB000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CD, 70] {INT 0x70}
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708F000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7101000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70EC000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7104000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7092000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7167000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 711F000A
.text C:\WINDOWS\System32\alg.exe[2980] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711C000A
.text C:\WINDOWS\System32\alg.exe[2980] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7143000A
.text C:\WINDOWS\System32\alg.exe[2980] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B0000A
.text C:\WINDOWS\System32\alg.exe[2980] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AD000A
.text C:\WINDOWS\System32\alg.exe[2980] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7146000A
.text C:\WINDOWS\System32\alg.exe[2980] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714C000A
.text C:\WINDOWS\System32\alg.exe[2980] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 7149000A
.text C:\WINDOWS\System32\alg.exe[2980] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A7000A
.text C:\WINDOWS\System32\alg.exe[2980] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A4000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [89, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9E, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [92, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [AA, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A4, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A1, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [95, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A7, 71]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8F, 71]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9B, 71]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [98, 71]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8C, 71]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AA000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DD000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7125000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716A000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00270001
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715E000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7164000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7161000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714F000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7152000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D4000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707D000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BF000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705C000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7113000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715B000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7086000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7089000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7080000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7083000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710D000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6C, 71]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D7000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E0000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709B000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7137000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7056000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A1000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7110000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B3000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BC000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B9000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704D000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706E000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706B000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709E000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7050000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7059000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7134000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7053000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B6000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7140000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7098000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DA000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F5000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E3000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7107000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F8000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FB000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7095000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E6000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70EF000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70E9000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710A000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F2000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FE000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708C000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CB000A
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CD, 70] {INT 0x70}
.text C:\Documents and Settings\\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708F000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7101000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70EC000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7104000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7092000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7167000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 711F000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711C000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7155000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7131000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C5000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712E000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C1, 70]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2A, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7158000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7119000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C8000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7128000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713D000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [15, 71]
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A7000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A4000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7143000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B0000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AD000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7146000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714C000A
.text C:\Documents and Settings\rickhavoc\Desktop\27rk1r02.exe[3344] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 7149000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89DA6292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89DA6292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T1L0-e 89DA6292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89DA6292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89DA6292
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Device\Ide\IdeDeviceP2T0L0-6 -> \??\IDE#DiskWDC_WD1600AAJS-22L7A0___________________01.03E01#5&148c697d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\TMP1F.tmp (size mismatch) 2526320/0 bytes executable
File C:\WINDOWS\Temp\TMP21.tmp (size mismatch) 384112/0 bytes executable
File C:\WINDOWS\Temp\TMP24.tmp (size mismatch) 172096/0 bytes executable
File C:\WINDOWS\Temp\TMP7.tmp (size mismatch) 200768/0 bytes executable
File C:\WINDOWS\Temp\TMP9.tmp (size mismatch) 200768/0 bytes executable

---- EOF - GMER 1.0.15 ----
rickhavoc
Regular Member
 
Posts: 31
Joined: October 29th, 2010, 1:32 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 294 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware