GMER 1.0.14.14536 -
http://www.gmer.netRootkit scan 2008-10-08 09:56:39
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xAA9617A6]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xAA95E794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xAA95EF1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xAA9621F0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xAA96242A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xAA96312A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xAA96283C]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xAA95DD0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xAA95D384]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA71DAB8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA71DAA2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA71D9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA71DAE4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA71D9FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA71D930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA71D944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA71D9A8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA71DB20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA71DA8C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA71DA76]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA71DB0C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA71DAF8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA71D994]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA71D980]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA71DACE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA71D9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA71D9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.14 ----
.text ntoskrnl.exe!ZwYieldExecution 80515A5A 7 Bytes JMP AA71D9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80572BFC 5 Bytes JMP AA71DA02 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8057303F 7 Bytes JMP AA71DA7A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80578A1C 7 Bytes JMP AA71DB24 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E1C 7 Bytes JMP AA71DABC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8057CFC8 5 Bytes JMP AA71D984 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057DEF9 5 Bytes JMP AA71D9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057E371 7 Bytes JMP AA71D9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8058170A 5 Bytes JMP AA71D934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80581891 7 Bytes JMP AA71D9AC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80587691 7 Bytes JMP AA71DAA6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805E1939 5 Bytes JMP AA71D948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805E218F 5 Bytes JMP AA71DAE8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80635937 5 Bytes JMP AA71D998 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80654DAE 7 Bytes JMP AA71DAD2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 806556D4 7 Bytes JMP AA71DA90 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 80656045 5 Bytes JMP AA71DAFC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 806564B0 5 Bytes JMP AA71DB10 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 84, 84 ]
.text C:\WINDOWS\system32\TPSMain.exe[148] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\TPSMain.exe[148] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BD, 83 ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, CA, 84 ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 95, 84 ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 90, 84 ]
.text C:\toshiba\ivp\ism\pinger.exe[184] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\toshiba\ivp\ism\pinger.exe[184] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, DD, 84 ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, EF, 84 ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 54, 84 ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, E5, 84 ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 82, 85 ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 8E, 84 ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 86, 85 ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 3C, 86 ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[464] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 1C, 84 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[468] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, A2, 86 ]
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Google\Google Talk\googletalk.exe[476] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, A1, 84 ]
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[492] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\QTTask.exe[528] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\QuickTime\QTTask.exe[528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 6A, 84 ]
.text C:\Program Files\QuickTime\QTTask.exe[528] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\QuickTime\QTTask.exe[528] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 8B, 87 ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[560] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 37, A1, C3, 83 ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[560] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[560] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F20000
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F20076
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F2005B
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F20F81
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7D, 84 ]
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F2004A
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F2002F
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F20F3F
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F20F66
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F20F13
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F200A2
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F200D1
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F20FA8
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F20FEF
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F20091
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F20FC3
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F20FDE
.text C:\Program Files\Messenger\msmsgs.exe[652] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F20F24
.text C:\Program Files\Messenger\msmsgs.exe[652] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E4001B
.text C:\Program Files\Messenger\msmsgs.exe[652] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E40F68
.text C:\Program Files\Messenger\msmsgs.exe[652] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E40FD4
.text C:\Program Files\Messenger\msmsgs.exe[652] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E4000A
.text C:\Program Files\Messenger\msmsgs.exe[652] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E40F83
.text C:\Program Files\Messenger\msmsgs.exe[652] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E40FEF
.text C:\Program Files\Messenger\msmsgs.exe[652] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00E40F94
.text C:\Program Files\Messenger\msmsgs.exe[652] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 04, 89 ]
.text C:\Program Files\Messenger\msmsgs.exe[652] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E40FA5
.text C:\Program Files\Messenger\msmsgs.exe[652] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Messenger\msmsgs.exe[652] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Messenger\msmsgs.exe[652] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E20000
.text C:\Program Files\Messenger\msmsgs.exe[652] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00E50FEF
.text C:\Program Files\Messenger\msmsgs.exe[652] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00E50FDE
.text C:\Program Files\Messenger\msmsgs.exe[652] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00E5001E
.text C:\Program Files\Messenger\msmsgs.exe[652] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00E50FCD
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 18, 85 ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[692] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[764] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 51, 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[764] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\ctfmon.exe[764] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2F, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026B0FEF
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 026B009D
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 026B008C
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026B007B
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 16, 85 ]
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 026B0054
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 026B002F
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026B00D3
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 026B0F8B
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026B0F55
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026B00EE
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 026B0F44
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 026B0FB2
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 026B0FDE
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 026B00C2
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 026B001E
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 026B0FCD
.text C:\WINDOWS\Explorer.EXE[812] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 026B0F70
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01880FCA
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01880058
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0188001B
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01880FE5
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01880F9B
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01880000
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0188003D
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0188002C
.text C:\WINDOWS\Explorer.EXE[812] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\Explorer.EXE[812] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\Explorer.EXE[812] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01890000
.text C:\WINDOWS\Explorer.EXE[812] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01890FEF
.text C:\WINDOWS\Explorer.EXE[812] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01890FDE
.text C:\WINDOWS\Explorer.EXE[812] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 0189002F
.text C:\WINDOWS\Explorer.EXE[812] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01860000
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 53, 84 ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 71, 84 ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 21, 85 ]
.text C:\WINDOWS\system32\csrss.exe[888] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[888] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 98, 84 ]
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01070FEF
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01070FB2
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01070FC3
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01070091
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 19, 84 ]
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01070080
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0107004A
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010700C2
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01070F7A
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010700F8
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010700E7
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01070F44
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0107005B
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01070FD4
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01070F97
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01070025
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0107000A
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01070F5F
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01060F9E
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01060F68
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01060FB9
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01060FD4
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01060F83
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01060FE5
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01060025
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01060014
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[956] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2F, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90F85
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F9007A
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90069
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7E, 84 ]
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F9004E
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FB6
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F90F4F
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90F60
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900CD
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F34
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F90F0F
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F9003D
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F90FDB
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F9008B
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F90022
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F90011
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F900B2
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F80014
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F8004A
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F80FC3
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F80FD4
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F80039
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F80F8D
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 18, 89 ]
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F80FA8
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F6000A
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BA, 84 ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC0FE5
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC0064
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC0F6F
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC0F80
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7E, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC003D
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC0F9B
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC0089
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0F43
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC00B5
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC00A4
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DC00C6
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DC002C
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DC0F54
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DC0011
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DC0FC0
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DC0F26
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DB0FB6
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DB0F79
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DB0011
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DB0F8A
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00DB002C
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DB0FA5
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E90091
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90080
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E9006F
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, C7, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90FBC
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90FCD
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E900C9
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E900B8
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F4B
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E900DA
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E90F3A
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E9005E
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E9000A
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E90F81
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E90039
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E90FDE
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E90F66
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E8001B
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E8007D
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E80FCA
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E80062
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E80051
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E80040
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1224] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60000
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 33, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 1E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 2A, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 1B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 27, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 15, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 2D, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 21, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 24, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 30, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03480000
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03480062
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03480051
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03480F77
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 54, 86 ]
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03480040
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03480FAF
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03480F37
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0348007D
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0348009A
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03480F01
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 03480EE6
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03480F9E
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03480FE5
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03480F52
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03480FCA
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0348001B
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 03480F1C
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 03460FB6
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 03460F8A
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 03460011
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 03460FE5
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 03460047
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 03460000
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0346002C
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 03460FA5
.text C:\WINDOWS\System32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\System32\svchost.exe[1264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02D80FEF
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 03470000
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 03470FEF
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 03470025
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 03470FCA
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F9, 89 ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F0, 84 ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 88, 84 ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 05051EB5 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 05051E5F C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 05051E8A C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B00F74
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B00073
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B00062
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5D, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B00047
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B00FAF
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B00F4D
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B00095
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B00F06
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B00F21
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B00EEB
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B00036
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B00011
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B00084
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B00FC0
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B00FDB
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B00F3C
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00AF002F
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00AF0F72
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00AF0FD4
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00AF0F83
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00AF0F9E
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ CF, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00AF0FC3
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D2004E
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20F59
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20F80
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2E, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20F91
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20022
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D2007A
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D20F32
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D200A6
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D20F0D
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D20EFC
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D20033
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D20011
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D2005F
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D20FB6
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D20FDB
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D20095
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D00051
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D00F9E
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00D00040
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D00025
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1636] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1636] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[1636] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D10FCA
.text C:\WINDOWS\system32\svchost.exe[1636] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D10FB9
.text C:\WINDOWS\system32\svchost.exe[1636] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D10F9E
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7C, 84 ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 71, 84 ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7D, 84 ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\TDispVol.exe[1680] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 8F, 84 ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\igfxtray.exe[1688] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, B7, 84 ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\hkcmd.exe[1700] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BE, 84 ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\igfxpers.exe[1708] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, DF, 84 ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\ehome\ehtray.exe[1748] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BB, 83 ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, C5, 84 ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F9, 84 ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2F, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5C, 85 ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\spoolsv.exe[1912] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7B, 84 ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\AGRSMMSG.exe[2012] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 07, 85 ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 58, 84 ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, EB, 83 ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BF, 84 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BE, 83 ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 71, 84 ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\RAMASST.exe[2360] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 46, 84 ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BB, 84 ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 02, 84 ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 16, 84 ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 60, 84 ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\TPSBattM.exe[2436] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5B, 84 ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 1C, 84 ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 4A, 84 ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\eHome\ehSched.exe[2576] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 56, 86 ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 95, 84 ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 9E, 85 ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2A, 89 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2A, 85 ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, AF, 86 ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, D4, 88 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, B4, 85 ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 79, 84 ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F8, 83 ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 02, 84 ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[3708] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 23, A1, C3, 83 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 33, 86 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD00BA
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD00A9
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0098
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 76, 84 ]
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0FDB
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0062
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0FAA
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD00E6
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0F8F
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0128
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CD0F74
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CD0073
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CD0011
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CD00D5
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CD0051
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CD002C
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CD0117
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CC0FD4
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CC006C
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CC0025
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00CC0040
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CC0FC3
.text C:\WINDOWS\system32\svchost.exe[3800] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[3800] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[3800] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D0002C
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00F37
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D0001B
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7A, 84 ]
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00F83
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D0006E
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D00F1C
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000A1
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D00090
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D000BC
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D00F68
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D0003D
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D00F94
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D00FB9
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D0007F
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CF002F
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CF006C
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CF0FDE
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CF005B
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CF0FB9
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ EF, 88 ]
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CF0040
.text C:\WINDOWS\system32\svchost.exe[3820] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[3820] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, B9, 83 ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 22, 84 ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, EE, 83 ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2D, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 18, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 24, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0C, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 12, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 15, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 21, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0F, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 27, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1B, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 2A, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F7A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0025006F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250FA1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250FB2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0025002F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002500CC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002500A5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00250F33
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00250F4E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 002500E7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00250054
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00250FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00250094
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0025001E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00250FCD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00250F69
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00340FA8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00340F61
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00340FB9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00340FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00340F72
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00340FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00340F8D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 54, 88 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00340014
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A15AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A16A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00380000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00AE0FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00AE0FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00AE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00AE0FAF
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BD, 84 ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, ED, 83 ]
.text C:\WINDOWS\System32\alg.exe[4528] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[4528] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\alg.exe[4528] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2D, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 24, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0C, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 12, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 15, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 21, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0F, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 27, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1B, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1E, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 2A, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00A6
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A008B
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A007A
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0069
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A003D
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00C8
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F80
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00EA
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00D9
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F2C
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0058
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A001B
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A00B7
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FDB
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A002C
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F5B
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002A002C
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002A0F94
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002A0FDB
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002A0011
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 002A0FC0
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 4A, 88 ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002A0047
.text C:\WINDOWS\system32\dllhost.exe[5920] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\dllhost.exe[5920] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\dllhost.exe[5920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00660000
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- EOF - GMER 1.0.14 ----