Here's the log...
GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-07 09:38:24
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\system32\drivers\pctmp.sys (Memory Monitor Driver/PCTools Research Pty Ltd.) ZwAllocateVirtualMemory [0xBAA0AEEC]
SSDT \SystemRoot\system32\drivers\mmrtkrnl.sys (MMRTKRNL.SYS/ALCATech GmbH) ZwClose [0xB9F54CA6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xBA91D806]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xB6FC8794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xB6FC8F1E]
SSDT 84358628 ZwCreateThread
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xBA91DA08]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xBA91DAD2]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xBA91D6EE]
SSDT \SystemRoot\system32\drivers\pctmp.sys (Memory Monitor Driver/PCTools Research Pty Ltd.) ZwProtectVirtualMemory [0xBAA0B27E]
SSDT 843583D0 ZwQueueApcThread
SSDT 84358268 ZwReadVirtualMemory
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xB6FCD12A]
SSDT 843584C0 ZwSetContextThread
SSDT 843603F0 ZwSetInformationKey
SSDT 84358718 ZwSetInformationProcess
SSDT 84358538 ZwSetInformationThread
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xBA91DC8A]
SSDT 843586A0 ZwSuspendProcess
SSDT 84358448 ZwSuspendThread
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xBA91F166]
SSDT 843585B0 ZwTerminateThread
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xB6FC7384]
INT 0x06 \??\C:\WINDOWS\System32\drivers\Haspnt.sys B595616D
INT 0x0E \??\C:\WINDOWS\System32\drivers\Haspnt.sys B5955FC2
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\System32\svchost.exe[148] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\System32\svchost.exe[148] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\svchost.exe[148] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F800F5A
.text C:\WINDOWS\System32\svchost.exe[148] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\System32\svchost.exe[148] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\System32\svchost.exe[148] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\svchost.exe[148] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[148] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F7A0F5A
.text C:\WINDOWS\System32\svchost.exe[148] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\System32\svchost.exe[148] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\System32\svchost.exe[148] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\System32\svchost.exe[148] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\System32\svchost.exe[148] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[384] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 5F, 98, C3, 83 ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ThreatFire\TFService.exe[656] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\ThreatFire\TFService.exe[656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\ThreatFire\TFService.exe[656] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\ThreatFire\TFService.exe[656] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[716] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ FF, FB, C3, 83 ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\csrss.exe[920] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[920] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[920] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[944] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\winlogon.exe[944] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7F, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\services.exe[988] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\services.exe[988] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F810F5A
.text C:\WINDOWS\system32\services.exe[988] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\services.exe[988] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\services.exe[988] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\services.exe[988] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[988] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F7B0F5A
.text C:\WINDOWS\system32\services.exe[988] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\services.exe[988] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\services.exe[988] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\services.exe[988] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\services.exe[988] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\lsass.exe[1000] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\lsass.exe[1000] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\lsass.exe[1000] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\lsass.exe[1000] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\lsass.exe[1000] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\lsass.exe[1000] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\lsass.exe[1000] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\lsass.exe[1000] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\lsass.exe[1000] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 6F, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 5A, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F620F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F5C0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F5F0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F530F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F710F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F650F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F680F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F6B0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\svchost.exe[1168] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\svchost.exe[1168] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\svchost.exe[1168] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\svchost.exe[1288] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\svchost.exe[1288] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\svchost.exe[1288] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 80, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\System32\svchost.exe[1412] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\System32\svchost.exe[1412] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\System32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[1412] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\System32\svchost.exe[1412] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\System32\svchost.exe[1412] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\System32\svchost.exe[1412] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\System32\svchost.exe[1412] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\System32\svchost.exe[1412] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] shell32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] shell32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] shell32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1444] shell32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\System32\svchost.exe[1480] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\svchost.exe[1480] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\System32\svchost.exe[1480] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\System32\svchost.exe[1480] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\System32\svchost.exe[1480] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\System32\svchost.exe[1480] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\System32\svchost.exe[1480] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7E, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\Explorer.EXE[1580] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F800F5A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F7A0F5A
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\Explorer.EXE[1580] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\Explorer.EXE[1580] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\Explorer.EXE[1580] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\Explorer.EXE[1580] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 6F, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 5A, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F650F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\CDProxyServ.exe[1668] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 6F, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 5A, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F650F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\svchost.exe[1816] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\System32\svchost.exe[1816] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\System32\svchost.exe[1816] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\System32\svchost.exe[1816] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\System32\alg.exe[2384] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\alg.exe[2384] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\System32\alg.exe[2384] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\System32\alg.exe[2384] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\System32\alg.exe[2384] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\System32\alg.exe[2384] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 843580A8
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 843580A8
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 843580A8
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 843580A8
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 843580A8
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 843580A8
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 843DC2DC
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (http://www.webroot.com))
Device \FileSystem\Fastfat \FatCdrom 83CEC8FC
Device \Driver\Tcpip \Device\Ip 83D0EE90
Device \Driver\Tcpip \Device\Ip 83CF3B70
Device \Driver\Tcpip \Device\Ip 84157FA8
Device \Driver\Tcpip \Device\Ip 83F94D50
AttachedDevice \Driver\Tcpip \Device\Ip pctfw2.sys (PC Tools TDI Driver/PC Tools)
Device \Driver\Tcpip \Device\Tcp 83D0EE90
Device \Driver\Tcpip \Device\Tcp 83CF3B70
Device \Driver\Tcpip \Device\Tcp 84157FA8
Device \Driver\Tcpip \Device\Tcp 83F94D50
AttachedDevice \Driver\Tcpip \Device\Tcp pctfw2.sys (PC Tools TDI Driver/PC Tools)
---- Modules - GMER 1.0.14 ----
Module _________ BA7D6000-BA7EE000 (98304 bytes)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Classes\cil8tsfile\Shell\Open\0@yŒ\x201ec\x2020}{}\x201au\x20ac D
Reg HKLM\SOFTWARE\Classes\cil8tsfile\Shell\Open\0@yŒ\x201eZ}\x2020\x2021\x2c6Xu\x2c6y FDDH4I4M4I4GE4FM
Reg HKLM\SOFTWARE\Classes\cil8tsfile\Shell\Open\0@yŒ\x201e`u\x2021\x2c6Xu\x2c6y FDDH4I4M4I4GE4FM
Reg HKLM\SOFTWARE\Classes\cil8tsfile\Shell\Open\0@yŒ\x201efy\x81u}\x201a}\x201a{ D
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\1\2\2\2\1\1\2\1\1\1\1\1\1\2\2\1\2\1\1\1\1\1\1\1\2\1\1\1\1\1\2\2\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\2\1\1\1\1\1\2\1\1\1\1\1\2\1\2\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\1\2\1\1\1\1\1\1\1\1\2\2\2\2\1\1\1\1\1\1\2\1\1\1\2\1\2\2\2\1\1\1\2\1\1\1\1\2\1\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\1\2\2\2\2\1\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\1\1\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\1\1\2\2\2\2\1\1\1\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\1\2\1\1\2\1\1\1\2\1\1\1\1\1\1\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\2\1\1\1\1\1\2\2\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\2\1\1\1\1\1\2\1\1\1\1\1\2\1\2\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\1\2\1\1\1\1\1\1\1\1\2\2\2\2\1\1\1\1\1\1\2\1\1\1\2\1\2\2\2\1\1\1\2\1\1\1\1\2\1\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\2\1\1\1\1\2\2\2\1\1\1\2\1\1\1\1\1\2\1\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\1\1\1\2\2\2\2\1\1\2\1\1\1\2\1\1\1\2\1\2\1\1\1\1\1\2\1\1\1\1\1\1\2\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\2\1\1\1\1\2\2\2\1\1\1\2\1\1\1\1\1\2\1\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\1\1\1\2\2\2\2\1\1\2\1\1\1\2\1\1\1\2\2\1\1\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\2\1\1\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\2\1\1\1\1\2\2\2\1\1\1\2\1\1\1\1\1\2\1\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\1\1\2\1\1\1\1\1\1\1\1\1\1\2\1\1\1\2\1\2\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\1\1\1\1\1\1\1\2\2\2\1\1\2\2\1\1\1\1\1\2\2\1\2\1\1\1\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\2\1\1\1\1\2\2\2\1\1\1\2\1\1\1\1\1\2\1\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\1\1\2\1\1\1\1\2\2\1\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\2\1\1\1\1\1\1\1\2\2\2\2\1\1\1\1\1\1\2\1\1\1\2\1\2\2\2\1\1\1\2\1\1\1\1\2\1\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\1\2\2\2\1\1\2\1\1\1\1\1\1\2\2\1\2\1\1\1\1\1\1\1\2\1\1\1\1\2\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\2\1\2\2\1\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\1\2\1\1\1\1\1\1\1\1\2\2\1\1\2\2\1\1\1\1\2\1\1\2\1\1\1\1\2\1\1\1\2\1\1\1\2\1\2\2\1\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\2\1\1\1\1\2\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\2\1\2\2\1\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\1\1\2\1\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\1\2\1\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\1\2\2\2\1\2\2\2\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\1\2\1\1\2\2\1\1\2\1\1\1\1\1\2\2\1\1\2\1\2\1\1\1\2\1\1\1\1\1\1\1\1\1\1\1\2\1\1\1\1\1\1\1\1\1\1\1\2\1\1\1\2\1\2\1\1\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\2\1\2\1\1\1\2\1\1\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\1\2\2\1\2\1\1\1\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\2\1\2\2\1\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\1\1\2\2\2\1\2\2\1\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\2\1\2\1\2\1\1\1\2\1\1\1\2\1\2\2\1\1\1\1\1\2\1\1\1\1\1\2\1\1\1\1\2\1\1\1\2\1\2\2\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\2\1\1\1\1\2\1\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\1\2\1\1\1\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\1\2\1\1\2\2\1\1\2\1\1\1\2\1\1\1\1\1\2\2\2\1\1\1\1\1\2\2\2\1\2\1\2\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\2\1\1\2\1\1\1\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\2\1\1\1\1\1\2\2\1\1\1\2\1\1\1\2\1\2\2\1\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\2\1\2\2\1\1\1\1\2\1\1\1\2\1\2\2\2\1\1\1\2\1\1\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\1\2\2\1\1\2\2\2\1\1\1\2\1\1\1\1\1\2\1\1\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\1\2\1\1\2\2\1\1\2\1\1\1\2\1\1\1\1\1\2\2\2\1\1\1\1\1\2\2\1\1\2\2\2\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\1\1\1\1\1\2\1\1\1\1\1\1\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\2\1\1\1\1\1\2\2\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\1\2\1\1\2\2\1\1\2\1\1\1\1\1\2\2\1\2\1\1\1\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\2\1\2\2\1\1\1\1\1\2\1\1\2\1\2\2\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\Plasma MP3 Encoder Trial Version@\1\1\1\1\1\2\2\1\2\1\1\1\1\1\1\1\2\1\1\2\1\2\2\2\1\1\1\2\1\1\1\2\1\2\2\1\1\1\1\2\1\1\1\1\1\1\1\2\1\1\1\1\1\2\2\2\1\1\1\1\1\1\1\2\1\1\1\1\1\2\1\2\1\1\1\2\1\1\1\2\1\2\1\1\1\1\1\2\1\1\1\2\1\2\1\2\1\1\1\2\1\1\1\2\1\2\2\1\1\1\1\1\2\1\1\1\1\1\2\1\1\1\1\2\1\1\1\2\1\2\2\2\1\1\1\2\1\1\1\2\1\1\1\1\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2\1\1\2\1\1\2\1\2\1\2\1\2 ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Classes\sabxfhfile\Shell\Open\0@yŒ\x201ec\x2020}{}\x201au\x20ac K
Reg HKLM\SOFTWARE\Classes\sabxfhfile\Shell\Open\0@yŒ\x201eZ}\x2020\x2021\x2c6Xu\x2c6y FDDH4I4M4I4GE4FF
Reg HKLM\SOFTWARE\Classes\sabxfhfile\Shell\Open\0@yŒ\x201e`u\x2021\x2c6Xu\x2c6y FDDH4I4ED4EF4HM4FM
Reg HKLM\SOFTWARE\Classes\sabxfhfile\Shell\Open\0@yŒ\x201efy\x81u}\x201a}\x201a{ J
---- Disk sectors - GMER 1.0.14 ----
Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit detected !!! <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior
---- EOF - GMER 1.0.14 ----